
Files

Packet Storm New Exploits For September, 2013
Posted Oct 2, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 156 exploits added to Packet Storm in September, 2013.

tags | exploit
systems | linux
SHA-256 | dfb4ce944f8b9d50311d3c0f4103f34084e4c7841c73cd06b55a1514de0c82ba
freeFTPd PASS Command Buffer Overflow
Posted Sep 30, 2013
Authored by Wireghoul | Site metasploit.com

freeFTPd 1.0.10 and below contains an overflow condition that is triggered because user-supplied input is not properly validated when handling a specially crafted PASS command. This may allow a remote attacker to cause a buffer overflow, resulting in a denial of service or allowing the execution of arbitrary code. freeFTPd must have an account whose authorization is set to anonymous user account.

tags | exploit, remote, denial of service, overflow, arbitrary
advisories | OSVDB-96517
SHA-256 | 5e92a9db9ba76a96be5d0f1d040af96bc6431037970882d5778b46dcbc012aad
Microsoft Internet Explorer SetMouseCapture Use-After-Free
Posted Sep 30, 2013
Authored by sinn3r, temp66 | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability that targets Internet Explorer 9 on Windows 7. The flaw most likely exists in versions 6/7/8/9/10/11. It was initially found in the wild in Japan, but other regions such as English, Chinese, Korean, etc., were targeted as well. The vulnerability is due to how the mshtml!CDoc::SetMouseCapture function handles a reference during an event. An attacker can first set up two elements, where the second is the child of the first, and then set up an onlosecapture event handler for the parent element. The onlosecapture event seems to require two setCapture() calls to trigger, one for the parent element and one for the child. When setCapture() is called for the child element, it finally triggers the event, which allows the attacker to cause an arbitrary memory release using document.write(), which in particular frees a 0x54-byte block of memory. The exact size of this memory may differ based on the version of IE. After the free, an invalid reference is still kept and passed on to more functions, eventually arriving in the function MSHTML!CTreeNode::GetInterface and causing a crash (or arbitrary code execution) when this function attempts to use the reference to call what appears to be a PrivateQueryInterface due to the offset (0x00). To mimic the same exploit found in the wild, this module will try to use the same DLL from Microsoft Office 2007 or 2010 to leverage the attack.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2013-3893, OSVDB-97380
SHA-256 | 4b3c1a5b80b3b3378373a9f44d0154cd9d83f40fa16e999f61ede1263be952d6
SimpleRisk 20130915-01 Cross Site Request Forgery / Cross Site Scripting
Posted Sep 30, 2013
Authored by Ryan Dewhurst

SimpleRisk version 20130915-01 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2013-5748, CVE-2013-5749
SHA-256 | 51760980e60232bc33ac5af0d661e294a83781b8a81c3971d498ecd804efc0b9
Firefox For Android Same-Origin Bypass
Posted Sep 30, 2013
Authored by Takeshi Terada

Firefox for Android versions prior to 24 suffer from a same-origin bypass vulnerability via symbolic links.

tags | exploit, bypass
advisories | CVE-2013-1727
SHA-256 | 3a942520517c20e308519b9afe21ca2358a820d16f116fa1c7d936f24bb9491b
HylaFAX+ 5.5.3 Buffer Overflow
Posted Sep 30, 2013
Authored by Dennis Jenkins

HylaFAX+ versions 5.2.4 through 5.5.3 suffer from a buffer overflow vulnerability. The code path for authenticating users via LDAP allocates a 255-byte buffer (via the C++ "new" operator), and then "strcats" user-supplied data buffered from the inbound FTP control channel. Other code limits the amount of copied data to 506 bytes, and truncates on NULL and "\n". Thus it is possible for an unauthenticated remote attacker to overflow the heap with a limited character set.

tags | exploit, remote, overflow
advisories | CVE-2013-5680
SHA-256 | 4b209ff117ea49481dfc4cb29356200b0bd379cabdada2b4e329aae67a8b0a2a
Abuse HTTP Server 2.8 Denial Of Service
Posted Sep 30, 2013
Authored by Zico Ekel | Site cr0security.com

Abuse HTTP Server version 2.8 suffers from a remote denial of service vulnerability. Proof of concept Python code included.

tags | exploit, remote, web, denial of service, proof of concept, python
SHA-256 | c9ebbd2dfc059a59e2873bbe5875116708a9ee0a69fb1f47bc708c1acb759ea7
ASUS RT-N66U 3.0.0.4.374_720 Cross Site Request Forgery
Posted Sep 30, 2013
Authored by cgcai

ASUS RT-N66U suffers from a cross site request forgery vulnerability that allows for arbitrary command execution.

tags | exploit, arbitrary, csrf
SHA-256 | 192a23a39c98ec854d68908e71b9d02a34e6c5ca74b7a7321c5c5bea414c569b
Byword 2.x File Overwrite
Posted Sep 29, 2013
Authored by Guillaume Ross

Byword versions prior to 2.1 allow for a remote file overwrite attack.

tags | exploit, remote
advisories | CVE-2013-5725
SHA-256 | 31dbff80533d69b46f741347c1aad7f82c471e3bb3fd8097ffceea0cdbad5d0f
Tenda W309R Configuration Enumeration
Posted Sep 29, 2013
Authored by SANTHO

Tenda wireless router version W309R allows for configuration enumeration without authentication. An NSE script is included for exploitation along with an advisory.

tags | exploit
systems | linux
SHA-256 | 94fe6763bf250d568485660d4f5d4b2e374665b53c0a879b4e59b3dd8697607d
PHP IDNA Convert 0.8.0 Cross Site Scripting
Posted Sep 28, 2013
Authored by Alexandro Silva

PHP IDNA Convert version 0.8.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 759740ae1495d2c12f07ef1905ef401162bc13158398bad2e8f666e18e875ab8
Icy Phoenix 2.0 Cross Site Scripting
Posted Sep 28, 2013
Authored by syst3m_f4ult

Icy Phoenix CMS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 63eac311bcc5c110f6b257c21931a26987f2af8f67fb1ec266f16bf2996a6339
Astium Remote Code Execution
Posted Sep 26, 2013
Authored by xistence | Site metasploit.com

This Metasploit module exploits vulnerabilities found in Astium astium-confweb-2.1-25399 RPM and lower. A SQL Injection vulnerability is used to achieve authentication bypass and gain admin access. From an admin session arbitrary PHP code upload is possible. It is used to add the final PHP payload to "/usr/local/astium/web/php/config.php" and execute the "sudo /sbin/service astcfgd reload" command to reload the configuration and achieve remote root code execution.

tags | exploit, remote, web, arbitrary, local, root, php, vulnerability, code execution, sql injection
advisories | OSVDB-88860
SHA-256 | 16cd8b04690fc28db1b8c5c9afdb81554208e84689604fe813314bc4a6e8d476
mod_accounting 0.5 Blind SQL Injection
Posted Sep 26, 2013
Authored by Wireghoul

mod_accounting version 0.5 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5697
SHA-256 | 5f80d81efab9b887ab6063336f50467c4282d2a92a64c29cbf5563b42ba9f24a
XAMPP 1.8.1 Local Write Access
Posted Sep 26, 2013
Authored by Manuel Garcia Cardenas | Site isecauditors.com

XAMPP version 1.8.1 allows an unprivileged user to write to the local disk.

tags | exploit, local
advisories | CVE-2013-2586
SHA-256 | 4d1631d6f469e4eec20739ed04366120ee8ad777df5da5df3840c88f67f32135
LinkedIn Cross Site Scripting
Posted Sep 26, 2013
Authored by Eduardo Garcia Melia | Site isecauditors.com

The LinkedIn social network suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 709fdb972cf357cc6700ce7b75aa0fffb8e6a059264e6fa0c034ff32e25fcc21
Nodejs js-yaml load() Code Execution
Posted Sep 25, 2013
Authored by joev | Site metasploit.com

For Node.js applications that parse user-supplied YAML input using the load() function from the 'js-yaml' package versions below 2.0.5, specifying a self-executing function allows us to execute arbitrary JavaScript code. This Metasploit module demonstrates that behavior.

tags | exploit, arbitrary, javascript
advisories | CVE-2013-4660
SHA-256 | cc5320d102ad2ea9d6b424995476c2aab54c6ea13234fab7e8cf266af00a87a5
X2CRM 3.4.1 Cross Site Scripting / Local File Inclusion
Posted Sep 25, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

X2CRM version 3.4.1 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2013-5692, CVE-2013-5693
SHA-256 | 6a4cc66b913f10cf3f46ac6679902a3741e65db273a494ff6f23cbe4728b3b17
ZeroShell Remote Code Execution
Posted Sep 25, 2013
Authored by Yann CAM | Site metasploit.com

This Metasploit module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" URL. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext. The password is used to log in as the admin user. After the authentication process is complete, it will use the RunScript action to execute the payload with root privileges.

tags | exploit, local, cgi, root, file inclusion
SHA-256 | f2193eea137458685913c7447d099d29999247310ec1af67fb445ea5bf5576dc
IBM AIX 6.1 / 7.1 Local Root Privilege Escalation
Posted Sep 24, 2013
Authored by Kristian Hermansen

IBM AIX versions 6.1 and 7.1 local root privilege escalation exploit.

tags | exploit, local, root
systems | aix
advisories | CVE-2013-4011, OSVDB-95420
SHA-256 | 2044d2c0c7004c32aa43899957870c25f1b7d0b6493c5f27d7f0d26e92f87580
Google Chrome 31.0 Webkit Auditor Bypass
Posted Sep 24, 2013
Authored by Rafay Baloch, PEPE Vila

Google Chrome version 31.0 suffers from an auditor bypass that allows for cross site scripting attacks to successfully get through.

tags | exploit, xss, bypass
SHA-256 | ba730e1d9e5dba89adb7eb72d4c901489959c46cdbb4688cc1c4ada164dbfbf6
WordPress Miniaudioplayer Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress Miniaudioplayer plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | dd8134a154849569a93f038bae0d108d64c84c09b21dab4477b068a0348be4f1
WordPress LBG Zoominoutslider Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress LBG Zoominoutslider plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | 44134a7e3bee4ab9d030999ba0179c1860102c9503e9a2eeff937b036916c103
Good For Enterprise 2.2.2.1611 Cross Site Scripting
Posted Sep 24, 2013
Authored by Mario

Good for Enterprise iOS application versions 2.2.2.1611 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
systems | apple, ios
advisories | CVE-2013-5118
SHA-256 | 9824e01c248eb8f060865f76eace7ae4777a6461f7136f0972ad8ea4dc0eb4c3
WordPress Sharebar 1.2.5 Cross Site Scripting
Posted Sep 24, 2013
Authored by Ashiyane Digital Security Team

WordPress Sharebar plugin version 1.2.5 suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | d28550236ec0587220af38f8654ee2cf9fccb27b1a29c80ead8598c11f6482e4