Exploit the possiblities
Showing 1 - 25 of 130 RSS Feed

Files

Packet Storm New Exploits For November, 2013
Posted Dec 3, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 129 exploits added to Packet Storm in November, 2013.

tags | exploit
systems | linux
MD5 | e6c0504f3e66b7be14b86af8555d67c0
ABB MicroSCADA wserver.exe Remote Code Execution
Posted Nov 30, 2013
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a remote stack buffer overflow vulnerability in ABB MicroSCADA. The issue is due to the handling of unauthenticated EXECUTE operations on the wserver.exe component, which allows arbitrary commands. The component is disabled by default, but required when a project uses the SCIL function WORKSTATION_CALL. This Metasploit module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 over Windows XP SP3 and Windows 7 SP1.

tags | exploit, remote, overflow, arbitrary
systems | windows, xp, 7
MD5 | 010dfb98036153494bc0b0ce337716be
Ametys CMS 3.5.2 XPath Injection
Posted Nov 30, 2013
Authored by LiquidWorm | Site zeroscience.mk

Ametys CMS version 3.5.2 suffers from an XPath injection vulnerability. Input passed via the 'lang' POST parameter in the newsletter plugin is not properly sanitized before being used to construct an XPath query for XML data.

tags | exploit
MD5 | 67c879eb5a4f80c41a91411683b73aba
Kingsoft Office Writer 2012 8.1.0.3385 Buffer Overflow
Posted Nov 30, 2013
Authored by Julien Ahrens | Site rcesecurity.com

Kingsoft Office Writer 2012 version 8.1.0.3385 SEH buffer overflow exploit that creates a malicious .wps file that pops calc.exe.

tags | exploit, overflow
advisories | CVE-2013-3934
MD5 | f5de8dafdd770825294c3f89a7790c26
WordPress Folo Theme Cross Site Scripting
Posted Nov 30, 2013
Authored by Darksnipper

WordPress Folo theme suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 1ff21f75cb4763ec6f5e600dcc92609f
Joomla JMultimedia Command Execution
Posted Nov 30, 2013
Authored by Rafay Baloch, Deepankar Arora

Joomla JMultimedia component remote shell upload exploit.

tags | exploit, remote, shell
MD5 | ecdaaf7c8edd8fdf3331a44111267169
NewsAktuell PressePortal DE SQL Injection
Posted Nov 29, 2013
Authored by Marco Onorati | Site vulnerability-lab.com

NewsAktuell PressePortal DE suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 95905dee3a50f9a74f35d3bbdbaffdce
LiveZilla Cross Site Scripting
Posted Nov 29, 2013
Authored by Curesec Research Team

LiveZilla versions prior to 5.1.1.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-6224
MD5 | a735912892ad68c49aabfefcdd0fe064
Pastebin CAPTCHA Bypass
Posted Nov 28, 2013
Authored by Scott Arciszewski

Pastebin suffers from a CAPTCHA bypass vulnerability.

tags | exploit, bypass
MD5 | 58e11193feb456c4df2528465f1e0630
Kimai 0.9.2 db_restore.php SQL Injection
Posted Nov 28, 2013
Authored by Brendan Coles, drone | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability in Kimai version 0.9.2.x. The 'db_restore.php' file allows unauthenticated users to execute arbitrary SQL queries. This Metasploit module writes a PHP payload to disk if the following conditions are met: The PHP configuration must have 'display_errors' enabled, Kimai must be configured to use a MySQL database running on localhost; and the MySQL user must have write permission to the Kimai 'temporary' directory.

tags | exploit, arbitrary, php, sql injection
MD5 | aec9a8141849e97ce005dc4486ce99e3
Uptime Agent 5.0.1 Stack Overflow
Posted Nov 27, 2013
Authored by Denis Andzakovic | Site security-assessment.com

Uptime Agent version 5.0.1 suffers from a stack overflow vulnerability. Proof of concept exploit included in this archive.

tags | exploit, overflow, proof of concept
systems | linux
MD5 | 4b29eb1cf7e7aaec72e93dddc3bfd305
Microsoft Tagged Image File Format (TIFF) Integer Overflow
Posted Nov 27, 2013
Authored by sinn3r, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft's Tagged Image File Format. It was originally discovered in the wild, targeting Windows XP and Windows Server 2003 users running Microsoft Office, specifically in the Middle East and South Asia region. The flaw is due to a DWORD value extracted from the TIFF file that is embedded as a drawing in Microsoft Office, and how it gets calculated with user-controlled inputs, and stored in the EAX register. The 32-bit register will run out of storage space to represent the large value, which ends up being 0, but it still gets pushed as a dwBytes argument (size) for a HeapAlloc call. The HeapAlloc function will allocate a chunk anyway with size 0, and the address of this chunk is used as the destination buffer of a memcpy function, where the source buffer is the EXIF data (an extended image format supported by TIFF), and is also user-controlled. A function pointer in the chunk returned by HeapAlloc will end up being overwritten by the memcpy function, and then later used in OGL!GdipCreatePath. By successfully controlling this function pointer, and the memory layout using ActiveX, it is possible to gain arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution, activex
systems | windows, xp
advisories | CVE-2013-3906
MD5 | 7840e627325a5c746a365b34d09b85a9
Chamilo LMS 1.9.6 SQL Injection
Posted Nov 27, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Chamilo LMS version 1.9.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-6787
MD5 | 659b2bcd10416ef278a831bd79e49b59
Dokeos 2.2 RC2 SQL Injection
Posted Nov 27, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Dokeos version 2.2 RC2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-6341
MD5 | 80b299ab60a85543d5e6d76516ba28d6
Claroline 1.11.8 Cross Site Scripting
Posted Nov 27, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Claroline version 1.11.8 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-6267
MD5 | a26030a630bc86ca81e5b39f612e1f53
BZR Player 0.97 DLL Hijack
Posted Nov 27, 2013
Authored by Akin Tosunlar

BZR Player version 0.97 suffers from a dll hijacking vulnerability in codec_mpeg.dll.

tags | exploit
systems | windows
MD5 | 4bbb7e8a7aacf24c3606d8bd6eed6511
Boilsoft RM To MP3 Converter 1.72 Denial Of Service
Posted Nov 27, 2013
Authored by Akin Tosunlar

Boilsoft RM to MP3 Converter version 1.72 crash proof of concept denial of service exploit.

tags | exploit, denial of service, proof of concept
MD5 | bb42377c7b41871af384428727bc9760
Wondershare Player 1.6.0 DLL Hijacking
Posted Nov 27, 2013
Authored by Akin Tosunlar

Wondershare Player version 1.6.0 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | 5698d24bb5aaff86889743e9bc8561c0
Audacious Player 3.4.2 / 3.4.1 Denial Of Service
Posted Nov 26, 2013
Authored by Akin Tosunlar

Audacious Player versions 3.4.1 and 3.4.2 denial of service proof of concept crash exploit.

tags | exploit, denial of service, proof of concept
MD5 | 993b471ff987fee1cfc3f8c12ed5c1e9
WordPress Optinfirex Cross Site Scripting
Posted Nov 26, 2013
Authored by Ashiyane Digital Security Team

WordPress Optinfirex third party plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | 7503be83b05ae071dc697bc947036832
WordPress Amerisale-Re Cross Site Scripting
Posted Nov 26, 2013
Authored by Ashiyane Digital Security Team

WordPress Amerisale-Re third party plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
MD5 | 5e72a6654146be012b0060d8727a9b99
Palo Alto Networks PanOS 5.0.8 XSS / CSRF
Posted Nov 26, 2013
Authored by Thomas Pollet

Palo Alto Networks PanOS versions 5.0.l8 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 52ff908d2457b250c6af889928f1bd5b
MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow
Posted Nov 26, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability on the CardSpaceClaimCollection class from the icardie.dll ActiveX control. The vulnerability exists while the handling of the CardSpaceClaimCollection object. CardSpaceClaimCollections stores a collection of elements on a SafeArray and keeps a size field, counting the number of elements on the collection. By calling the remove() method on an empty CardSpaceClaimCollection it is possible to underflow the length field, storing a negative integer. Later, a call to the add() method will use the corrupted length field to compute the address where write into the SafeArray data, allowing to corrupt memory with a pointer to controlled contents. This Metasploit module achieves code execution by using VBScript as discovered in the wild on November 2013 to (1) create an array of html OBJECT elements, (2) create holes, (3) create a CardSpaceClaimCollection whose SafeArray data will reuse one of the holes, (4) corrupt one of the legit OBJECT elements with the described integer overflow and (5) achieve code execution by forcing the use of the corrupted OBJECT.

tags | exploit, overflow, code execution, activex
advisories | CVE-2013-3918, OSVDB-99555
MD5 | 67794b47c6fcc01e6db48548eec65d27
Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access
Posted Nov 26, 2013
Authored by Vitaliy Toropov, juan vazquez, James Forshaw | Site metasploit.com

This Metasploit module exploits a vulnerability on Microsoft Silverlight. The vulnerability exists on the Initialize() method from System.Windows.Browser.ScriptObject, which access memory in an unsafe manner. Since it is accessible for untrusted code (user controlled) it's possible to dereference arbitrary memory which easily leverages to arbitrary code execution. In order to bypass DEP/ASLR a second vulnerability is used, in the public WriteableBitmap class from System.Windows.dll. This Metasploit module has been tested successfully on IE6 - IE10, Windows XP SP3 / Windows 7 SP1 on both x32 and x64 architectures.

tags | exploit, arbitrary, code execution, bug bounty, packet storm
systems | windows, xp, 7
advisories | CVE-2013-0074, CVE-2013-3896, OSVDB-91147, OSVDB-98223
MD5 | db77ce1a58c39fd936f1e6241e3e85cb
Apache Roller OGNL Injection
Posted Nov 26, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an OGNL injection vulnerability in Apache Roller < 5.0.2. The vulnerability is due to an OGNL injection on the UIAction controller because of an insecure usage of the ActionSupport.getText method. This Metasploit module has been tested successfully on Apache Roller 5.0.1 on Ubuntu 10.04.

tags | exploit
systems | linux, ubuntu
advisories | CVE-2013-4212
MD5 | e4ac6d1cd2e0a122fd0e97d9377b96d3
Page 1 of 6
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
PlexCoin Scam Founder Sentenced To Jail And Fined $10k
Posted Dec 10, 2017

tags | headline, cybercrime, fraud, scam, cryptography
Google Lifts Lid On FBI Data Requests: Now You Can Read Actual Letters Online
Posted Dec 9, 2017

tags | headline, government, privacy, usa, google, fbi
Android Flaw Lets Attack Code Slip Into Signed Apps
Posted Dec 9, 2017

tags | headline, malware, phone, flaw, google
Millions Stolen In NiceHash Bitcoin Heist
Posted Dec 9, 2017

tags | headline, hacker, cybercrime, fraud, cryptography
Apple HomeKit Flaw Left Smart Gadgets Vulnerable
Posted Dec 9, 2017

tags | headline, flaw, apple
Intel Management Engine Pwned By Buffer Overflow
Posted Dec 7, 2017

tags | headline, hacker, flaw, conference, intel
Google Steps Up Browser Rivalry With Site Isolation Security
Posted Dec 7, 2017

tags | headline, google, chrome
Ajit Pai Falsely Claims Killing Net Neutrality Helps The Sick
Posted Dec 7, 2017

tags | headline, government, usa, fraud
Bitcoin Breaks Through The $15,000 Mark
Posted Dec 7, 2017

tags | headline, cryptography
CryptoKitties Craze Slows Down Transactions On Ethereum
Posted Dec 6, 2017

tags | headline, denial of service, cryptography
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close