exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 190 RSS Feed

Files

Packet Storm New Exploits For August, 2013
Posted Sep 2, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 191 exploits added to Packet Storm in August, 2013.

tags | exploit
systems | linux
SHA-256 | 058cdd9ee708055a538eca696d3d41f58b70c1432ccddd8b82e1c322ee38d708
Modsecurity Cross Site Scripting Bypass
Posted Aug 31, 2013
Authored by Rafay Baloch

Modsecurity suffers from a cross site scripting bypass vulnerability.

tags | exploit, xss, bypass
SHA-256 | a733a0dbcebbe9fedb06363ea004ad94e998d20f23675d7a928b41d20331a6aa
Yoast SEO 1.14.15 Cross Site Scripting
Posted Aug 31, 2013
Authored by Sean Roberts

Yoast SEO plugin version 1.14.15 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ad07894aa4a076ba14a0f632894ecaf4d9a2390bbfd8bb7fc1cf7bd5c3820683
TP-Link TD-W8951ND Cross Site Request Forgery / Cross Site Scripting
Posted Aug 30, 2013
Authored by xistence

TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Release 30923 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 6f8f17c7fe77da4b4fb9dc2dbb22d7bc2130afdfd2ddf5f70ee72cef17ddb028
Mac OS X 10.8.4 Local Privilege Escalation
Posted Aug 30, 2013
Authored by David Kennedy

Mac OS X versions 10.8.4 and below local root privilege escalation exploit written in Python.

tags | exploit, local, root, python
systems | apple, osx
advisories | CVE-2013-1775, OSVDB-90677
SHA-256 | a0b32edb63a75a52f36b3b0a16898f214ffdda7d8f01efbf9482265d991f663b
Soltech.CMS 0.4 Cross Site Scripting / Content Spoofing
Posted Aug 30, 2013
Authored by MustLive

Soltech.CMS version 0.4 suffers from cross site scripting and content-spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss
SHA-256 | 3a2128ffc8465d8e9ab1437eee66ccd0120c1ab286e6b4e9656695dcdae0c80b
InnovNET Cross Site Scripting
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by InnovNET suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | cc8a5a522b2375d69ee3a4d6f8f2c0a2d801ef0278c4b5ce1f94a8115dabf0a6
10Ninety SQL Injection
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by 10Ninety suffered from a remote SQL injection vulnerability. The vendor contacted Packet Storm security on 11/26/2013 to note that the issue has been resolved.

tags | exploit, remote, sql injection
SHA-256 | 22bced0651b954ffd992c7d05b169412b5cccc21f9d0c513894db79d4f5178af
NetOrange SQL Injection
Posted Aug 30, 2013
Authored by Ashiyane Digital Security Team

Sites powered by NetOrange - Sititalia.it suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | c6d899774f7bdc71045706d65cae5014cc9528ddd33b73325104aa782aa78ba3
Performance Guard Arbitrary File Read / Traversal
Posted Aug 29, 2013
Authored by Kerem Kocaer

Performance Guard from CapaSystems suffers from a traversal vulnerability that allows for arbitrary file reading.

tags | exploit, arbitrary, file inclusion
advisories | CVE-2013-5216
SHA-256 | ef90193100f7cdc65bdecf8b7d836ffcd9708cba4b2d4d930fc7cec1e399cd46
Geonick Social Network Clickjacking / Credential Disclosure
Posted Aug 29, 2013
Authored by Juan Carlos Garcia

Geonick Social Network suffers from a lack of clickjacking protection, it has an insecure crossdomain.xml file, and sends user credentials in the clear.

tags | exploit
SHA-256 | 97a88857ba14577c519450180d5fb5211da072e083d09bb5b1895c33b26737a7
Apprain 3.0.2 Cross Site Request Forgery
Posted Aug 29, 2013
Authored by Yashar shahinzadeh

Apprain version 3.0.2 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | e606476fb827bd1dfe2fc1fc86cba2d171d51472da3a964744a23aa25cdf5e2d
Microsoft MSRC RSS ASPX Cross Site Scripting
Posted Aug 29, 2013
Authored by Mohd. Shadab Siddiqui, Vulnerability Laboratory | Site vulnerability-lab.com

Microsoft Online Services suffered from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | ac8f587b214e78fe60fc63bef72a529ea7ee0d7a2fe599ea1178e65161a44489
Department Of Transport UK SQL Injection
Posted Aug 29, 2013
Authored by Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

The official UK Department for Transport website suffered from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 53f155f273318d0f9851d19a79ed0550d489cb4188fc5a2e0495ecf5a9344fc5
CyberBizia Cross Site Scripting / SQL Injection
Posted Aug 29, 2013
Authored by Ashiyane Digital Security Team

Sites powered by CyberBizia suffer from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | b5001e20cbe7dc3bdcb15d4aacf0d5be097d3df653269d605438d071b1f9228e
UTA EDU University ENG SQL Injection
Posted Aug 29, 2013
Authored by Chokri Ben Achor, Vulnerability Laboratory | Site vulnerability-lab.com

The University of Texas at Arlington's College of Engineering website suffered from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | a8403741d5c50ea00355b08845351cc8d61ca25d32a6dc7ba79d32fa99fee12b
VMWare Setuid vmware-mount Unsafe popen(3)
Posted Aug 29, 2013
Authored by Tavis Ormandy, egypt | Site metasploit.com

VMWare Workstation (up to and including 9.0.2 build-1031769) and Player have a setuid executable called vmware-mount that invokes lsb_release in the PATH with popen(3). Since PATH is user-controlled, and the default system shell on Debian-derived distributions does not drop privs, we can put an arbitrary payload in an executable called lsb_release and have vmware-mount happily execute it as root for us.

tags | exploit, arbitrary, shell, root
systems | linux, debian
advisories | CVE-2013-1662, OSVDB-96588
SHA-256 | d6d99d5e820653afe8fadb60e5b5067b276b612b74c995ebca5507a7c34190b3
HP LoadRunner lrFileIOService ActiveX Remote Code Execution
Posted Aug 29, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method where user provided data is used as a memory pointer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the LrWebIERREWrapper.dll 11.50.2216.0. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with HP LoadRunner.

tags | exploit, activex
systems | windows
advisories | CVE-2013-2370, OSVDB-95640
SHA-256 | a5e106a110e475d117b3500d373abbf472e7b81cec4cfdde2c8f9d7957853a9b
Firefox XMLSerializer Use After Free
Posted Aug 29, 2013
Authored by regenrecht, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found on Firefox 17.0 (< 17.0.2), specifically an use after free of an Element object, when using the serializeToStream method with a specially crafted OutputStream defining its own write function. This Metasploit module has been tested successfully with Firefox 17.0.1 ESR, 17.0.1 and 17.0 on Windows XP SP3.

tags | exploit
systems | windows
advisories | CVE-2013-0753, OSVDB-89021
SHA-256 | f58157e305e4290dd4e3a5a36814841073537da1ad441ef4e8c63cdafe49db1c
SPIP Connect Parameter PHP Injection
Posted Aug 29, 2013
Authored by Davy Douhine, Arnaud Pachot, Frederic Cikala | Site metasploit.com

This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the connect parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1 and 3 are concerned. This module works only against branch 2.0 and has been tested successfully with SPIP 2.0.11 and SPIP 2.0.20 with Apache on Ubuntu and Fedora linux distributions.

tags | exploit, web, arbitrary, php
systems | linux, fedora, ubuntu
advisories | OSVDB-83543
SHA-256 | d27325e9d83bde4fc580a0bfde93a3bfbc111c65ffc0b7db562ca093df580462
AVTECH DVR Buffer Overflow / CAPTCHA Bypass
Posted Aug 28, 2013
Authored by Core Security Technologies, Anibal Sacco, Facundo Pantaleo | Site coresecurity.com

Core Security Technologies Advisory - Multiple vulnerabilities have been found in AVTECH AVN801 DVR (and potentially other devices sharing the affected firmware) that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or bypass CAPTCHA functionality for logging into the administrative console. Proof of concept code included.

tags | exploit, remote, overflow, arbitrary, vulnerability, code execution, proof of concept
advisories | CVE-2013-4980, CVE-2013-4981, CVE-2013-4982
SHA-256 | d69c855434e206ed106355a53d8a7790ee1a27b7581178dde7685f2ac8f54862
WordPress Wordfence 3.8.1 Cross Site Scripting
Posted Aug 28, 2013
Authored by Dylan Irzi

WordPress Wordfence plugin version 3.8.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 877036cb543d31efe9aeeced8a2497abf3c29130f3276a4cf110d0a249650272
Instagram Crypto Issue / Hardcoded Key
Posted Aug 28, 2013
Authored by Georg Lukas

Instagram for Android suffers from a partial cryptographic authentication issue and also hard codes a secret key in the application.

tags | exploit
SHA-256 | fe4ecab0cd3f2337a6c819fe2cd9a3cdca982c55e8e4679b44d218f444dacefb
Google Docs Information Disclosure
Posted Aug 28, 2013
Authored by Jacob Morgan

Google Docs suffers from a clickjacking vulnerability that allows you to get someone's full name and email address.

tags | exploit
SHA-256 | f40d125935d8955f224c0956ab7c6e95c449baba74d1ba9b75aae6bd775a70d2
Blakord Portal Cross Site Scripting
Posted Aug 28, 2013
Authored by Ashiyane Digital Security Team

Sites powered by Blakord Portal suffer from a cross site scripting vulnerability. Note that this finding houses site-specific data.

tags | exploit, xss
SHA-256 | 4ff80a2526c8ff13609305d054befb8d70cd8a3312e6d2371f8392b5ce817b93
Page 1 of 8
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close