
Files

Packet Storm New Exploits For September, 2013
Posted Oct 2, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 156 exploits added to Packet Storm in September, 2013.

tags | exploit
systems | linux
MD5 | 234f4e5f1ade70577f7f93a8a8fad72d
freeFTPd PASS Command Buffer Overflow
Posted Sep 30, 2013
Authored by Wireghoul | Site metasploit.com

freeFTPd 1.0.10 and below contains an overflow condition that is triggered because user-supplied input is not properly validated when handling a specially crafted PASS command. This may allow a remote attacker to cause a buffer overflow, resulting in a denial of service or the execution of arbitrary code. freeFTPd must have an account whose authorization is set to the anonymous user account.

tags | exploit, remote, denial of service, overflow, arbitrary
advisories | OSVDB-96517
MD5 | 86647bfb494b61ca629a4b5a03ed3062
Microsoft Internet Explorer SetMouseCapture Use-After-Free
Posted Sep 30, 2013
Authored by sinn3r, temp66 | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability that targets Internet Explorer 9 on Windows 7. The flaw most likely exists in versions 6/7/8/9/10/11. It was initially found in the wild in Japan, but other regions such as English, Chinese, Korean, etc., were targeted as well. The vulnerability is due to how the mshtml!CDoc::SetMouseCapture function handles a reference during an event. An attacker can first set up two elements, where the second is the child of the first, and then set up an onlosecapture event handler for the parent element. The onlosecapture event seems to require two setCapture() calls to trigger, one for the parent element and one for the child. When setCapture() is called for the child element, it finally triggers the event, which allows the attacker to cause an arbitrary memory release using document.write(), which in particular frees a 0x54-byte block of memory. The exact size of this memory may differ based on the version of IE. After the free, an invalid reference is still kept and passed on to more functions, eventually arriving in the function MSHTML!CTreeNode::GetInterface and causing a crash (or arbitrary code execution) when this function attempts to use the reference to call what appears to be a PrivateQueryInterface due to the offset (0x00). To mimic the same exploit found in the wild, this module will try to use the same DLL from Microsoft Office 2007 or 2010 to leverage the attack.

tags | exploit, arbitrary, code execution
systems | windows, 7
advisories | CVE-2013-3893, OSVDB-97380
MD5 | 963f37fd3f414ed4fdd3070cd4eb2c8b
SimpleRisk 20130915-01 Cross Site Request Forgery / Cross Site Scripting
Posted Sep 30, 2013
Authored by Ryan Dewhurst

SimpleRisk version 20130915-01 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2013-5748, CVE-2013-5749
MD5 | 2f3a56c77c8221fc7aae60b005b83791
Firefox For Android Same-Origin Bypass
Posted Sep 30, 2013
Authored by Takeshi Terada

Firefox for Android versions prior to 24 suffer from a same-origin bypass vulnerability via symbolic links.

tags | exploit, bypass
advisories | CVE-2013-1727
MD5 | 3880202078294104d9a86a7e2775f37a
HylaFAX+ 5.5.3 Buffer Overflow
Posted Sep 30, 2013
Authored by Dennis Jenkins

HylaFAX+ versions 5.2.4 through 5.5.3 suffer from a buffer overflow vulnerability. The code path for authenticating users via LDAP allocates a 255-byte buffer (via the C++ "new" operator), and then "strcats" user-supplied data buffered from the inbound FTP control channel. Other code limits the amount of copied data to 506 bytes, and truncates on NULL and "\n". Thus it is possible for an unauthenticated remote attacker to overflow the heap with a limited character set.

tags | exploit, remote, overflow
advisories | CVE-2013-5680
MD5 | 41ce910c8b8e930012aa79b49c77d4fc
Abuse HTTP Server 2.8 Denial Of Service
Posted Sep 30, 2013
Authored by Zico Ekel | Site cr0security.com

Abuse HTTP Server version 2.8 suffers from a remote denial of service vulnerability. Proof of concept Python code included.

tags | exploit, remote, web, denial of service, proof of concept, python
MD5 | 973c56cb77ecef367984df094a621743
ASUS RT-N66U 3.0.0.4.374_720 Cross Site Request Forgery
Posted Sep 30, 2013
Authored by cgcai

ASUS RT-N66U suffers from a cross site request forgery vulnerability that allows for arbitrary command execution.

tags | exploit, arbitrary, csrf
MD5 | ea719bb4a1781e3cd1226501111c15d2
Byword 2.x File Overwrite
Posted Sep 29, 2013
Authored by Guillaume Ross

Byword versions prior to 2.1 allow for a remote file overwrite attack.

tags | exploit, remote
advisories | CVE-2013-5725
MD5 | b039f1a575edfa3e9480d2d37f52ab75
Tenda W309R Configuration Enumeration
Posted Sep 29, 2013
Authored by SANTHO

Tenda wireless router version W309R allows for configuration enumeration without authentication. An NSE script is included for exploitation along with an advisory.

tags | exploit
systems | linux
MD5 | 02641a108e3eb0dfd75c98f2b011cc5d
PHP IDNA Convert 0.8.0 Cross Site Scripting
Posted Sep 28, 2013
Authored by Alexandro Silva

PHP IDNA Convert version 0.8.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 95b0296d772941cf7c9f82cecf26f4a2
Icy Phoenix 2.0 Cross Site Scripting
Posted Sep 28, 2013
Authored by syst3m_f4ult

Icy Phoenix CMS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | fe82a34a1496f1ff77041aae998b6f41
Astium Remote Code Execution
Posted Sep 26, 2013
Authored by xistence | Site metasploit.com

This Metasploit module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payload to "/usr/local/astium/web/php/config.php" and execute the "sudo /sbin/service astcfgd reload" command to reload the configuration and achieve remote root code execution.

tags | exploit, remote, web, arbitrary, local, root, php, vulnerability, code execution, sql injection
advisories | OSVDB-88860
MD5 | 432ed72ac7cc26bfbd358d5604b17bd2
mod_accounting 0.5 Blind SQL Injection
Posted Sep 26, 2013
Authored by Wireghoul

mod_accounting version 0.5 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5697
MD5 | 6c05a142030e492bec48c90159aac337
XAMPP 1.8.1 Local Write Access
Posted Sep 26, 2013
Authored by Manuel Garcia Cardenas | Site isecauditors.com

XAMPP version 1.8.1 allows an unprivileged user to write to the local disk.

tags | exploit, local
advisories | CVE-2013-2586
MD5 | ceaa4484ed6ee7b162e38edd366cf8b1
LinkedIn Cross Site Scripting
Posted Sep 26, 2013
Authored by Eduardo Garcia Melia | Site isecauditors.com

The LinkedIn social network suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 49f061faaa526fdfdaa2c86e64468882
Nodejs js-yaml load() Code Execution
Posted Sep 25, 2013
Authored by joev | Site metasploit.com

For Node.js applications that parse user-supplied YAML input using the load() function from the 'js-yaml' package versions below 2.0.5, specifying a self-executing function allows us to execute arbitrary JavaScript code. This Metasploit module demonstrates that behavior.

tags | exploit, arbitrary, javascript
advisories | CVE-2013-4660
MD5 | 13ebdbf55dfc348a60df26ecc83b7575
X2CRM 3.4.1 Cross Site Scripting / Local File Inclusion
Posted Sep 25, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

X2CRM version 3.4.1 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2013-5692, CVE-2013-5693
MD5 | bb74395f6638b4f677b6eea07fae41f0
ZeroShell Remote Code Execution
Posted Sep 25, 2013
Authored by Yann CAM | Site metasploit.com

This Metasploit module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" URL. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext. The password is used to log in as the admin user. After the authentication process is complete, it will use the RunScript action to execute the payload with root privileges.

tags | exploit, local, cgi, root, file inclusion
MD5 | 6aca173027c40771cf3490070e12b3b4
IBM AIX 6.1 / 7.1 Local Root Privilege Escalation
Posted Sep 24, 2013
Authored by Kristian Hermansen

IBM AIX versions 6.1 and 7.1 local root privilege escalation exploit.

tags | exploit, local, root
systems | aix
advisories | CVE-2013-4011, OSVDB-95420
MD5 | e5611fde696ce3f8486c6c6c17f2ed14
Google Chrome 31.0 Webkit Auditor Bypass
Posted Sep 24, 2013
Authored by Rafay Baloch, PEPE Vila

Google Chrome version 31.0 suffers from an auditor bypass that allows for cross site scripting attacks to successfully get through.

tags | exploit, xss, bypass
MD5 | 59b33ed589d9ea8d9e202dcd2431989
WordPress Miniaudioplayer Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress Miniaudioplayer plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | 06d228744833b4432f43dd0b00a98397
WordPress LBG Zoominoutslider Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress LBG Zoominoutslider plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | b4407123f200c8b825dcb8951259776f
Good For Enterprise 2.2.2.1611 Cross Site Scripting
Posted Sep 24, 2013
Authored by Mario

Good for Enterprise iOS application versions 2.2.2.1611 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
systems | apple, ios
advisories | CVE-2013-5118
MD5 | d83a1ae0543ce8c4900ea2a39297005b
WordPress Sharebar 1.2.5 Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress Sharebar plugin version 1.2.5 suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | b4ec524982ff6df20745a00a08053c17