This archive contains all of the 176 exploits added to Packet Storm in October, 2013.
ef07cf144b79094e303b73f5ae6e362022c891d6dfde623eff42c78d2b9a884eImpressPages CMS version 3.6 suffers from a remote arbitrary file deletion vulnerability.
55f5e488a59a727c9c92aeb95d6419bf6d920f6c808093b6c87d621b4fca8d1fIf Varnish receives a certain illegal request, and the subroutine 'vcl_error{}' restarts the request, the varnishd worker process will crash with an assert. The varnishd management process will restart the worker process, but there will be a brief interruption of service and the cache will be emptied, causing more traffic to go to the backend. Versions 2.0.x, 2.1.x, and 3.0.x are affected.
4dd3ca412788a9fb651556055e5db955a3a0bfa4211fe82cd6b19131b95892b1ImpressPages CMS version 3.6 suffers from multiple SQL injection vulnerabilities that can be leveraged to commit cross site scripting attacks.
c0158b9660a832da42931529dc82169695f27a37b147d2ca11d07463c6ad3622Joomla Joomleague component suffers from a remote shell upload vulnerability due to having Open Flash Chart included.
0f1ae71621285e8b0eb83e4a3f53e542a05b8297d22083756687db822c368fe3Unicorn WB-3300NR router version 1 with firmware 5.07.18_ko_UIS02 suffers from multiple cross site request forgery vulnerabilities.
496e96adcbb5d5029e4f736e58b001b81d66548809c3f0e582abb2d278aee835AudioCoder version 0.8.22 SEH buffer overflow exploit that spawns calc.exe.
b4cbb03bdcdbcd5c2dec4f6aed6de902c1e1f8bfca55b28882a5495f981304c1Watermark Master version 2.2.23 suffers from a buffer overflow vulnerability.
6d6388481f96aa5d4cd3dab7c54eedac3a960c2006de898b7e9d865544e64183WordPress WP-Checkout plugin suffers from cross site scripting and remote shell upload vulnerabilities. Note that this advisory has site-specific information.
8b75a731806da2c71e99adf68bf4ec4bcc441e9e2a626f2793e02907deffc994Apache and PHP remote command execution exploit that leverages php5-cgi. Written in Python. Version 2 of this exploit.
4ff30abedfc2e5c88bf249761ca4192667e3ca89365d9bc9e3bbbe21546e6d28vTiger CRM allows an authenticated user to upload files to embed within documents. Due to insufficient privileges on the 'files' upload folder, an attacker can upload a PHP script and execute arbitrary PHP code remotely. This Metasploit module was tested against vTiger CRM v5.4.0 and v5.3.0.
bbcd3689cbd9914d5739cb0af4a9dcca7c841307f2ee05af37a9fcc839aed4a2NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This Metasploit module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well.
fbb827ba13b127c83e13d52ae23cb93628f4e71810cd8f99c67c4c5a187bb5f0ZABBIX allows an administrator to create scripts that will be run on hosts. An authenticated attacker can create a script containing a payload, then a host with an IP of 127.0.0.1 and run the arbitrary script on the ZABBIX host. This Metasploit module was tested against Zabbix version 2.0.9.
337aba7aa6c0548a701c9d962e9e56e4ac6edce3bbb5c5f7b68fef1361fd8f09ISPConfig allows an authenticated administrator to export language settings into a PHP script which is intended to be reuploaded later to restore language settings. This feature can be abused to run arbitrary PHP code remotely on the ISPConfig server. This Metasploit module was tested against version 3.0.5.2.
500ad81c08959d6a17fb323607222ca4f12a1b9a2e830df3bd4af01d85b6423eOpenMediaVault allows an authenticated user to create cron jobs as arbitrary users on the system. An attacker can abuse this to run arbitrary commands as any user available on the system (including root).
94cc0202bafd6d8e09dab8de5983f2f26db28f5d5e4ab61e3830ec9bd40f3b41Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This Metasploit module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This Metasploit module was tested against Moodle version 2.5.2 and 2.2.3.
c4365fd3140a745d4484ea06c3aca345da8ba6b0e3a266802b6ce0150e84b884This is a simple PHP script that checks to see if your D-Link device is vulnerable to the User-Agent backdoor.
b0f9b07e55de0f72f7056f20fafc5118ca5dbd0af300d0146663b52ab3d742d7This Metasploit module exploits a stack-based buffer overflow on Beetel Connection Manager. The vulnerability exists in the parsing of the UserName parameter in the NetConfig.ini file. The module has been tested successfully on PCW_BTLINDV1.0.0B04 over Windows XP SP3 and Windows 7 SP1.b.
5725c9ac2f84dcb5cc5ed565457c90d22f10b51d892638c34a3586733b434570This Metasploit module exploits a PHP code execution vulnerability in the 'neoclassic' skin for ProcessMaker Open Source which allows any authenticated user to execute PHP code. The vulnerable skin is installed by default in version 2.x and cannot be removed via the web interface.
eb45ad4835f0136226472801ecf8d83ecfdfe22caa02b7f28a680a48e9232df6Apache and PHP remote command execution exploit that leverages php5-cgi.
9d57dc343cc59f716358c28109591d65f8d5b225d645fd188e0084e43bad3ad6Apache and PHP remote command execution exploit that leverages php5-cgi. Written in Python.
e84173be8280a7b8f575e8f3452aec7371dc39379e8db2f2dff934de891370cdOlat CMS version 7.8.0.1 suffers from multiple cross site scripting vulnerabilities.
39f8f1c2c8222466efd3ca3ff8b44c69d993ead66bdbacc015256813cdc192ddBlazeDVD version 6.2 SEH buffer overflow exploit that creates a malicious .plf file.
0402fc513d6a45f0367fd4919f1fef0d3db1446cfc7c5861412a5c395ac44e6dThe ASUS RT-N13U home router comes configured with an administrative root shell with a default password and is available via telnetd. Changing the password on the web interface does not remediate the issue.
ecd490cdd8df6d6a8157d63cac98201e4d8df54dcb1b076013ed6fe6f001b466Ops View version pre 4.4.41 suffers from a remote blind SQL injection vulnerability.
92acf8e21feac8586d79811c350e5a6dedf7fd0f2d984f37157264df9d4b6078
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed