The WordPress silverOrchid theme by gazpo.com suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
17871129a30d053f15ebe5d29e7c76e76cd180faeff48ceb4f0500e1c251de2fThe ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.
b839d5970482f3cd66e3ee8e41489d0f6ff55dcbb61c65d376fe88669b834be3Atlassian Confluence versions 3.x and 4.x allow for anonymous users to list all registered users of the system. The vendor does not believe this is a security concern.
4a4c16d6b5e27d2551991426235eaa47ad13ed9c1e9766bd8e50813c068e0802WinAmp version 5.63 buffer overflow exploit that leverages how skins are handled incorrectly.
b7b8323d0f2912432388831222006fc44f18caa39d9dfcb7d498e1994fe67ee5This Metasploit module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the "admin group"), and the user has ever run the "sudo" command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970. This Metasploit module will fail silently if the user is not an admin or if the user has never run the sudo command.
861501e9890ef0e4cff6780f3ce32dadf2038337f7e60f127a1275773d181e73Belkin G Wireless Router remote code execution proof of concept exploit.
43beacbd1d2f3672fb7be34a7a3f2b6f9fabf3623fbe5cb404ae146733cc6365Cisco IronPort Security Management Appliance M170 version 7.9.1-030 suffers from cross site scripting and cross site request forgery vulnerabilities.
40a0643dbab499a3f46d60fad23c407a10df8680b8e1f4e8115ef3aed8b93719CM3 AcoraCMS versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, and 5.5.0/1b-p1 suffer from cross site request forgery, cross site scripting, information disclosure, weak cookies, and URL redirection vulnerabilities.
f65adb8d5d4537a8f1aff22cba3e550a87e391426812fdba7c08849a765bdb48libtiff versions 3.9.5 and below suffer from an integer overflow vulnerability.
e047e24940fc1946d2bd9e6123520ff4837f2a59b4ec6f49e5d2d1e28babd003WordPress Simple Login Registration version 1.0.1 suffers from a cross site scripting vulnerability.
8eaaf8d9c59f71217d63637d3dbbbe789fbc7b92081e36db7effd8b1901a4a06Musicbox version 2.3.8 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
20cfed76192734cf617e94e030e36c6d5394c6401ca591e0ff39e54db386abe2Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities.
d5574eb95b9c81f907d0fcbec02ac11f615600255a8fae6dcf88f94ba7394837The WordPress Post-Gallery plugin suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data.
a27e312e77262e178eaa8ddeb54a389448031e07bf31d9f1a766423a417f183cmyBusinessAdmin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
61199fcdd72948288b6ed131c61a7639d0420c74ff9601b8ff95b0b0efc14215This Metasploit module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. On the other hand, the injection has been found to be Windows specific. This Metasploit module has been tested successfully on Endeca Server 7.4.0.787 over Windows 2008 R2 (64 bits).
fdafe64c526b291f8bc73bfd5eb8e62b37efd1524e773b087d3cc9cb3a8c5297Samba malformed nttrans smb packet remote denial of service exploit. This is the second version of this exploit that adds an automated offset and second argument.
9ffc449f91de8aebdf2d549084d0b7ded62399e2e6a995fffee9b45af3a36af1FICOBank suffers from exposed directory listing and cross site scripting vulnerabilities. They do not believe any of this is an issue and if you use them, you should change banks immediately.
a3b64ae17ac6373785bfcea917ed3efed819ce567e81d61f13690c93de1a211emooSocial version 1.3 suffers from cross site scripting and local file inclusion vulnerabilities.
f6d11b27cd9d0d5b9bcb61f738af8f5ae3e5d96e66ec3b7958aa519b6521ef89Cloudflare suffers from a cross site scripting vulnerability.
681015cc7dbb3e4d2e076c6ae25daf1f2af32856d530de408b2030a5a71a1587Paypal suffers from an arbitrary account deletion vulnerability that leverages unvalidated email account additions.
841c2aec9aded6aabc4378df632abfd8fa15c280ccb7f358a5f308e52fa80358GDD FLVPlayer version 3.635 suffers from cross site scripting and content spoofing vulnerabilities.
44f7dd1212681cf231fd4da478749b23c764aaaf54bf4e11341f3f140cfc4311This archive holds proof of concept code for cross site request forgery, memory dump, and wifi credential disclosure vulnerabilities in Loftek Nexus 543 IP cameras.
d8d9a9612f6d40cf5a8de4bce2dac3ab2ab4a787138a95efeac38d560c8a7206Joomla VirtueMart component versions 2.0.22a and below suffer from a remote SQL injection vulnerability.
2492d1981ba286f22ce07569a6fbf8d8800141d6ba82d7bd60588a6cbe01734dPhpVibe version 3.1 suffers from a remote shell upload vulnerability.
5f986cf1468601c9a88f20bd84f17fd1e3b3eb1767c9565d26314580885f8339The WordPress Video Whisper Live Streaming plugin suffers from a cross site scripting vulnerability.
9c12f6bfff77b894e0a6d28038abd9788a6c0164f211f3d2010e8846d6b20b2d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed