Exploit the possiblities
Showing 1 - 25 of 190 RSS Feed

Files

Packet Storm New Exploits For August, 2013
Posted Sep 2, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 191 exploits added to Packet Storm in August, 2013.

tags | exploit
systems | linux
MD5 | f141804e7c7639f6acde87e231253ac1
Modsecurity Cross Site Scripting Bypass
Posted Aug 31, 2013
Authored by Rafay Baloch

Modsecurity suffers from a cross site scripting bypass vulnerability.

tags | exploit, xss, bypass
MD5 | e94fc45eeeb7a90c685b095d36b2bf62
Yoast SEO 1.14.15 Cross Site Scripting
Posted Aug 31, 2013
Authored by Sean Roberts

Yoast SEO plugin version 1.14.15 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e79c1607fa6d28dd9310146097ffc716
TP-Link TD-W8951ND Cross Site Request Forgery / Cross Site Scripting
Posted Aug 30, 2013
Authored by xistence

TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Release 30923 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 9df222ebb90b0f43b8c66e5c2e0010d7
Mac OS X 10.8.4 Local Privilege Escalation
Posted Aug 30, 2013
Authored by David Kennedy

Mac OS X versions 10.8.4 and below local root privilege escalation exploit written in Python.

tags | exploit, local, root, python
systems | apple, osx
advisories | CVE-2013-1775, OSVDB-90677
MD5 | 8a8a4379f218aceef346e60421e30d68
Soltech.CMS 0.4 Cross Site Scripting / Content Spoofing
Posted Aug 30, 2013
Authored by MustLive

Soltech.CMS version 0.4 suffers from cross site scripting and content-spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
MD5 | b2da09524a16086b08138dce1db8a59e
InnovNET Cross Site Scripting
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by InnovNET suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 4f4027f26d4fd0b7c412b3ce50c6f54b
10Ninety SQL Injection
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by 10Ninety suffered from a remote SQL injection vulnerability. The vendor contacted Packet Storm security on 11/26/2013 to note that the issue has been resolved.

tags | exploit, remote, sql injection
MD5 | 4acffec063f609db9abce0fde65827bc
NetOrange SQL Injection
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by NetOrange - Sititalia.it suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | adcdda2381d1b13ebbfc8d07449d0d59
Performance Guard Arbitrary File Read / Traversal
Posted Aug 29, 2013
Authored by Kerem Kocaer

Performance Guard from CapaSystems suffers from a traversal vulnerability that allows for arbitrary file reading.

tags | exploit, arbitrary, file inclusion
advisories | CVE-2013-5216
MD5 | e15ef3a03dd34d4947102f54cc5dd345
Geonick Social Network Clickjacking / Credential Disclosure
Posted Aug 29, 2013
Authored by Juan Carlos Garcia

Geonick Social Network suffers from a lack of clickjacking protection, it has an insecure crossdomain.xml file, and sends user credentials in the clear.

tags | exploit
MD5 | 88e4ec31c93f6095787092327295bae6
Apprain 3.0.2 Cross Site Request Forgery
Posted Aug 29, 2013
Authored by Yashar shahinzadeh

Apprain version 3.0.2 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 0417b5170d123e414fa90d713c7d3e09
Microsoft MSRC RSS ASPX Cross Site Scripting
Posted Aug 29, 2013
Authored by Mohd. Shadab Siddiqui | Site vulnerability-lab.com

Microsoft Online Services suffered from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | eab8bbd80570e77827addb93dba2731e
Department Of Transport UK SQL Injection
Posted Aug 29, 2013
Authored by Chokri Ben Achor | Site vulnerability-lab.com

The official UK Department for Transport website suffered from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 0d75e6731923c1a8e1cd8c48063f17be
CyberBizia Cross Site Scripting / SQL Injection
Posted Aug 29, 2013
Authored by Ashiyane Digital Security Team

Sites powered by CyberBizia suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | c03392b08679f6550932a4c971be85c4
UTA EDU University ENG SQL Injection
Posted Aug 29, 2013
Authored by Chokri Ben Achor | Site vulnerability-lab.com

The University of Texas at Arlington's College of Engineering website suffered from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | d7ce07e17d00298dedb6adb8f27454e8
VMWare Setuid vmware-mount Unsafe popen(3)
Posted Aug 29, 2013
Authored by Tavis Ormandy, egypt | Site metasploit.com

VMWare Workstation (up to and including 9.0.2 build-1031769) and Player have a setuid executable called vmware-mount that invokes lsb_release in the PATH with popen(3). Since PATH is user-controlled, and the default system shell on Debian-derived distributions does not drop privs, we can put an arbitrary payload in an executable called lsb_release and have vmware-mount happily execute it as root for us.

tags | exploit, arbitrary, shell, root
systems | linux, debian
advisories | CVE-2013-1662, OSVDB-96588
MD5 | f174ca6c5c6bd8439fdc4605e284321b
HP LoadRunner lrFileIOService ActiveX Remote Code Execution
Posted Aug 29, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method where user provided data is used as a memory pointer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the LrWebIERREWrapper.dll 11.50.2216.0. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with HP LoadRunner.

tags | exploit, activex
systems | windows, xp
advisories | CVE-2013-2370, OSVDB-95640
MD5 | 8abb525c779efa76355554b3961f0bbc
Firefox XMLSerializer Use After Free
Posted Aug 29, 2013
Authored by regenrecht, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found on Firefox 17.0 (< 17.0.2), specifically an use after free of an Element object, when using the serializeToStream method with a specially crafted OutputStream defining its own write function. This Metasploit module has been tested successfully with Firefox 17.0.1 ESR, 17.0.1 and 17.0 on Windows XP SP3.

tags | exploit
systems | windows, xp
advisories | CVE-2013-0753, OSVDB-89021
MD5 | 6d919208c10f274c997a34ba8bbff8d7
SPIP Connect Parameter PHP Injection
Posted Aug 29, 2013
Authored by Davy Douhine, Arnaud Pachot, Frederic Cikala | Site metasploit.com

This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the connect parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1 and 3 are concerned. This module works only against branch 2.0 and has been tested successfully with SPIP 2.0.11 and SPIP 2.0.20 with Apache on Ubuntu and Fedora linux distributions.

tags | exploit, web, arbitrary, php
systems | linux, fedora, ubuntu
advisories | OSVDB-83543
MD5 | 41e27d5057143146b91bd375a6db4f5c
AVTECH DVR Buffer Overflow / CAPTCHA Bypass
Posted Aug 28, 2013
Authored by Core Security Technologies, Anibal Sacco, Facundo Pantaleo | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in AVTECH AVN801 DVR (and potentially other devices sharing the affected firmware) that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrative console. Proof of concept code included.

tags | exploit, remote, overflow, arbitrary, vulnerability, code execution, proof of concept
advisories | CVE-2013-4980, CVE-2013-4981, CVE-2013-4982
MD5 | 6a4ca880a47d5f05f81bbde1afe7ff9a
WordPress Wordfence 3.8.1 Cross Site Scripting
Posted Aug 28, 2013
Authored by Dylan Irzi

WordPress Wordfence plugin version 3.8.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 84f47098edb58f873d521d1faef7d8dc
Instagram Crypto Issue / Hardcoded Key
Posted Aug 28, 2013
Authored by Georg Lukas

Instagram for Android suffers from a partial cryptographic authentication issue and also hard codes a secret key in the application.

tags | exploit
MD5 | ad2b32bf620ecef495a3625253ff0b3a
Google Docs Information Disclosure
Posted Aug 28, 2013
Authored by Jacob Morgan

Google Docs suffers from a clickjacking vulnerability that allows you to get someone's full name and email address.

tags | exploit
MD5 | 193854c3d8b097ad98cd91f3ab27cb92
Blakord Portal Cross Site Scripting
Posted Aug 28, 2013
Authored by Ashiyane Digital Security Team

Sites powered by Blakord Portal suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
MD5 | 64a6f14895067952faca6ac059624161
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
Github To Devs: Now You'll Get Security Alerts On Flaws In Popular Software Libraries
Posted Nov 17, 2017

tags | headline, flaw
Keystone Pipeline Leaked 210,000 Gallons Of Oil In South Dakota
Posted Nov 17, 2017

tags | headline, flaw
Cash Converters Reveals Data Breach
Posted Nov 16, 2017

tags | headline, hacker, cybercrime, data loss, fraud, identity theft
Kaspersky Defends Its Role In NSA Breach
Posted Nov 16, 2017

tags | headline, government, malware, usa, russia, data loss, spyware, nsa
McAfee Anti-Hacking Service Exposed Users To Banking Malware
Posted Nov 16, 2017

tags | headline, malware, bank, cybercrime, fraud, flaw, identity theft, mcafee
DJI Bug Bounty NDA Is 'Not Signable', Say Irate Infosec Researchers
Posted Nov 16, 2017

tags | headline, hacker, flaw
Government Just Figures Out You Can Hack Planes Remotely Due To Poor Design
Posted Nov 15, 2017

tags | headline, government, usa, flaw, terror
UK Security Chief Blames Russia For Hacks
Posted Nov 15, 2017

tags | headline, hacker, government, britain, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close