This archive contains all of the 191 exploits added to Packet Storm in August, 2013.
058cdd9ee708055a538eca696d3d41f58b70c1432ccddd8b82e1c322ee38d708
ModSecurity suffers from a cross site scripting bypass vulnerability.
a733a0dbcebbe9fedb06363ea004ad94e998d20f23675d7a928b41d20331a6aa
Yoast SEO plugin version 1.14.15 suffers from a cross site scripting vulnerability.
ad07894aa4a076ba14a0f632894ecaf4d9a2390bbfd8bb7fc1cf7bd5c3820683
TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Release 30923 suffers from cross site request forgery and cross site scripting vulnerabilities.
6f8f17c7fe77da4b4fb9dc2dbb22d7bc2130afdfd2ddf5f70ee72cef17ddb028
Mac OS X versions 10.8.4 and below local root privilege escalation exploit written in Python.
a0b32edb63a75a52f36b3b0a16898f214ffdda7d8f01efbf9482265d991f663b
Soltech.CMS version 0.4 suffers from cross site scripting and content-spoofing vulnerabilities.
3a2128ffc8465d8e9ab1437eee66ccd0120c1ab286e6b4e9656695dcdae0c80b
Sites powered by InnovNET suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
cc8a5a522b2375d69ee3a4d6f8f2c0a2d801ef0278c4b5ce1f94a8115dabf0a6
Sites powered by 10Ninety suffered from a remote SQL injection vulnerability. The vendor contacted Packet Storm security on 11/26/2013 to note that the issue has been resolved.
22bced0651b954ffd992c7d05b169412b5cccc21f9d0c513894db79d4f5178af
Sites powered by NetOrange - Sititalia.it suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
c6d899774f7bdc71045706d65cae5014cc9528ddd33b73325104aa782aa78ba3
Performance Guard from CapaSystems suffers from a traversal vulnerability that allows for arbitrary file reading.
ef90193100f7cdc65bdecf8b7d836ffcd9708cba4b2d4d930fc7cec1e399cd46
Geonick Social Network lacks clickjacking protection, has an insecure crossdomain.xml file, and sends user credentials in the clear.
97a88857ba14577c519450180d5fb5211da072e083d09bb5b1895c33b26737a7
Apprain version 3.0.2 suffers from multiple cross site request forgery vulnerabilities.
e606476fb827bd1dfe2fc1fc86cba2d171d51472da3a964744a23aa25cdf5e2d
Microsoft Online Services suffered from a cross site scripting vulnerability. Note that this finding houses site-specific data.
ac8f587b214e78fe60fc63bef72a529ea7ee0d7a2fe599ea1178e65161a44489
The official UK Department for Transport website suffered from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
53f155f273318d0f9851d19a79ed0550d489cb4188fc5a2e0495ecf5a9344fc5
Sites powered by CyberBizia suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
b5001e20cbe7dc3bdcb15d4aacf0d5be097d3df653269d605438d071b1f9228e
The University of Texas at Arlington's College of Engineering website suffered from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
a8403741d5c50ea00355b08845351cc8d61ca25d32a6dc7ba79d32fa99fee12b
VMware Workstation (up to and including 9.0.2 build-1031769) and Player have a setuid executable called vmware-mount that invokes lsb_release in the PATH with popen(3). Since PATH is user-controlled, and the default system shell on Debian-derived distributions does not drop privs, we can put an arbitrary payload in an executable called lsb_release and have vmware-mount happily execute it as root for us.
d6d99d5e820653afe8fadb60e5b5067b276b612b74c995ebca5507a7c34190b3
This Metasploit module exploits a vulnerability in the lrFileIOService ActiveX control, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method, where user-provided data is used as a memory pointer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the LrWebIERREWrapper.dll 11.50.2216.0. In order to bypass ASLR, the non-ASLR-compatible module msvcr71.dll, which is installed with HP LoadRunner, is used.
a5e106a110e475d117b3500d373abbf472e7b81cec4cfdde2c8f9d7957853a9b
This Metasploit module exploits a vulnerability found in Firefox 17.0 (< 17.0.2), specifically a use-after-free of an Element object, when using the serializeToStream method with a specially crafted OutputStream defining its own write function. This Metasploit module has been tested successfully with Firefox 17.0.1 ESR, 17.0.1 and 17.0 on Windows XP SP3.
f58157e305e4290dd4e3a5a36814841073537da1ad441ef4e8c63cdafe49db1c
This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the connect parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1 and 3 are affected. This module works only against branch 2.0 and has been tested successfully with SPIP 2.0.11 and SPIP 2.0.20 with Apache on Ubuntu and Fedora Linux distributions.
d27325e9d83bde4fc580a0bfde93a3bfbc111c65ffc0b7db562ca093df580462
Core Security Technologies Advisory - Multiple vulnerabilities have been found in AVTECH AVN801 DVR (and potentially other devices sharing the affected firmware) that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrative console. Proof of concept code included.
d69c855434e206ed106355a53d8a7790ee1a27b7581178dde7685f2ac8f54862
WordPress Wordfence plugin version 3.8.1 suffers from a cross site scripting vulnerability.
877036cb543d31efe9aeeced8a2497abf3c29130f3276a4cf110d0a249650272
Instagram for Android suffers from a partial cryptographic authentication issue and also hard codes a secret key in the application.
fe4ecab0cd3f2337a6c819fe2cd9a3cdca982c55e8e4679b44d218f444dacefb
Google Docs suffers from a clickjacking vulnerability that allows you to get someone's full name and email address.
f40d125935d8955f224c0956ab7c6e95c449baba74d1ba9b75aae6bd775a70d2
Sites powered by Blakord Portal suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.
4ff80a2526c8ff13609305d054befb8d70cd8a3312e6d2371f8392b5ce817b93