
Files

Packet Storm New Exploits For November, 2013
Posted Dec 3, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 129 exploits added to Packet Storm in November, 2013.

tags | exploit
systems | linux
SHA-256 | cec1606be4b9041989a72da2a2b153b6775eb0d0a409ef48da044631596568a6
ABB MicroSCADA wserver.exe Remote Code Execution
Posted Nov 30, 2013
Authored by juan vazquez, Brian Gorenc | Site metasploit.com

This Metasploit module exploits a remote stack buffer overflow vulnerability in ABB MicroSCADA. The issue is due to the handling of unauthenticated EXECUTE operations on the wserver.exe component, which allows arbitrary commands. The component is disabled by default, but required when a project uses the SCIL function WORKSTATION_CALL. This Metasploit module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 over Windows XP SP3 and Windows 7 SP1.

tags | exploit, remote, overflow, arbitrary
systems | windows
SHA-256 | 0bdf9a94501d5619a20ed028d746c3734042d2dd9d819b70fa7fbb4ef414fa5d
Ametys CMS 3.5.2 XPath Injection
Posted Nov 30, 2013
Authored by LiquidWorm | Site zeroscience.mk

Ametys CMS version 3.5.2 suffers from an XPath injection vulnerability. Input passed via the 'lang' POST parameter in the newsletter plugin is not properly sanitized before being used to construct an XPath query for XML data.

tags | exploit
SHA-256 | c5dbcda0f10c655d76ff28210efc04294966ced89d00fa641314117ecc195ed1
Kingsoft Office Writer 2012 8.1.0.3385 Buffer Overflow
Posted Nov 30, 2013
Authored by Julien Ahrens | Site rcesecurity.com

Kingsoft Office Writer 2012 version 8.1.0.3385 SEH buffer overflow exploit that creates a malicious .wps file that pops calc.exe.

tags | exploit, overflow
advisories | CVE-2013-3934
SHA-256 | b7d9ad349ded8a5a19c71d80cba93ff175a9354bd4e6012b41c0c8d3a2f14174
WordPress Folo Theme Cross Site Scripting
Posted Nov 30, 2013
Authored by Darksnipper

WordPress Folo theme suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6f6a0b653d47d002c0d96429481f77236becff3c3cf8a84c7c394b20619c5ffb
Joomla JMultimedia Command Execution
Posted Nov 30, 2013
Authored by Rafay Baloch, Deepankar Arora

Joomla JMultimedia component remote shell upload exploit.

tags | exploit, remote, shell
SHA-256 | 60512e22d6ce24750d26196501efc9831992d71d5a81d6681e45d2ad7ddfc47f
NewsAktuell PressePortal DE SQL Injection
Posted Nov 29, 2013
Authored by Marco Onorati, Vulnerability Laboratory | Site vulnerability-lab.com

NewsAktuell PressePortal DE suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bf07743459f6adae6679ab26bb30d59946bc54f429b63e764c34268aa9066d59
LiveZilla Cross Site Scripting
Posted Nov 29, 2013
Authored by Curesec Research Team

LiveZilla versions prior to 5.1.1.0 suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-6224
SHA-256 | 26961d2405183c2ec5a94990f2486b9a6d5a1176105b91b64138da36b9f2ca9c
Pastebin CAPTCHA Bypass
Posted Nov 28, 2013
Authored by Scott Arciszewski

Pastebin suffers from a CAPTCHA bypass vulnerability.

tags | exploit, bypass
SHA-256 | 56392168410383eae1397d73dcb93faad1595c25e457f29f5a49e99776da26ab
Kimai 0.9.2 db_restore.php SQL Injection
Posted Nov 28, 2013
Authored by Brendan Coles, drone | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability in Kimai version 0.9.2.x. The 'db_restore.php' file allows unauthenticated users to execute arbitrary SQL queries. This Metasploit module writes a PHP payload to disk if the following conditions are met: the PHP configuration must have 'display_errors' enabled; Kimai must be configured to use a MySQL database running on localhost; and the MySQL user must have write permission to the Kimai 'temporary' directory.

tags | exploit, arbitrary, php, sql injection
SHA-256 | 853a61dfd6df69f1dd037fceb6af76d6aa56c0b508cd161484f30988de0f9da7
Uptime Agent 5.0.1 Stack Overflow
Posted Nov 27, 2013
Authored by Denis Andzakovic | Site security-assessment.com

Uptime Agent version 5.0.1 suffers from a stack overflow vulnerability. Proof of concept exploit included in this archive.

tags | exploit, overflow, proof of concept
systems | linux
SHA-256 | 41b899e65489dca57409b920655c2a7e8ceaa50c5c528ba41a1b386ce5695a6c
Microsoft Tagged Image File Format (TIFF) Integer Overflow
Posted Nov 27, 2013
Authored by sinn3r, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability found in Microsoft's Tagged Image File Format. It was originally discovered in the wild, targeting Windows XP and Windows Server 2003 users running Microsoft Office, specifically in the Middle East and South Asia region. The flaw is due to a DWORD value extracted from the TIFF file that is embedded as a drawing in Microsoft Office, and how it gets calculated with user-controlled inputs, and stored in the EAX register. The 32-bit register will run out of storage space to represent the large value, which ends up being 0, but it still gets pushed as a dwBytes argument (size) for a HeapAlloc call. The HeapAlloc function will allocate a chunk anyway with size 0, and the address of this chunk is used as the destination buffer of a memcpy function, where the source buffer is the EXIF data (an extended image format supported by TIFF), and is also user-controlled. A function pointer in the chunk returned by HeapAlloc will end up being overwritten by the memcpy function, and then later used in OGL!GdipCreatePath. By successfully controlling this function pointer, and the memory layout using ActiveX, it is possible to gain arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution, activex
systems | windows
advisories | CVE-2013-3906
SHA-256 | 36cbcba744d7659568ae499cb8f62964f839c74b64b5def580d9440a661806da
Chamilo LMS 1.9.6 SQL Injection
Posted Nov 27, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Chamilo LMS version 1.9.6 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-6787
SHA-256 | 36e173b2be5a99350bc8b86a9eefbb79333880193bd30a896bc223fd6a58374d
Dokeos 2.2 RC2 SQL Injection
Posted Nov 27, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Dokeos version 2.2 RC2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-6341
SHA-256 | 1c90844d11a66c66cf2d6b5c646d4bea3595686b9a756b41e2e610d39e08eff4
Claroline 1.11.8 Cross Site Scripting
Posted Nov 27, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

Claroline version 1.11.8 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-6267
SHA-256 | 2d1b2ef9c175f2f82b0ed223a879bb779fccc661cedf88f4043404645de074af
BZR Player 0.97 DLL Hijack
Posted Nov 27, 2013
Authored by Akin Tosunlar

BZR Player version 0.97 suffers from a DLL hijacking vulnerability in codec_mpeg.dll.

tags | exploit
systems | windows
SHA-256 | 15a8b33568c942e1db866ae3a90ccc3d1f553b3b875e59a46f77502d0a9ae58a
Boilsoft RM To MP3 Converter 1.72 Denial Of Service
Posted Nov 27, 2013
Authored by Akin Tosunlar

Boilsoft RM to MP3 Converter version 1.72 crash proof of concept denial of service exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 0f49a6f2cda59a306a9fdf4ab89c2d80a9f792c644ab06947e0ab7814a6ff02a
Wondershare Player 1.6.0 DLL Hijacking
Posted Nov 27, 2013
Authored by Akin Tosunlar

Wondershare Player version 1.6.0 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 3498e1804f5f026025c6c02ef2ff272d74d84bb446f6b691be47e4ae35dcc0c9
Audacious Player 3.4.2 / 3.4.1 Denial Of Service
Posted Nov 26, 2013
Authored by Akin Tosunlar

Audacious Player versions 3.4.1 and 3.4.2 denial of service proof of concept crash exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 2108629d3923e262d6697e389444978f6e9c5342756dce80acc4e5852cb48f96
WordPress Optinfirex Cross Site Scripting
Posted Nov 26, 2013
Authored by Ashiyane Digital Security Team

WordPress Optinfirex third party plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | 406b64a71217b4d7101b4e75837a87536ec5f4df1b52cca998fe666d372c6537
WordPress Amerisale-Re Cross Site Scripting
Posted Nov 26, 2013
Authored by Ashiyane Digital Security Team

WordPress Amerisale-Re third party plugin suffers from a cross site scripting vulnerability. Note that this advisory has site-specific information.

tags | exploit, xss
SHA-256 | dd9af24538474b4be70e9304d308e609bd382701c86aaeaaa6dd00cff815eadd
Palo Alto Networks PanOS 5.0.8 XSS / CSRF
Posted Nov 26, 2013
Authored by Thomas Pollet

Palo Alto Networks PanOS versions 5.0.8 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 0128c8519b469367add23f825da0f04e65d811cb5874370e064fdbed3fe6a5fc
MS13-090 CardSpaceClaimCollection ActiveX Integer Underflow
Posted Nov 26, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a vulnerability in the CardSpaceClaimCollection class from the icardie.dll ActiveX control. The vulnerability exists in the handling of the CardSpaceClaimCollection object. CardSpaceClaimCollection stores a collection of elements in a SafeArray and keeps a size field counting the number of elements in the collection. By calling the remove() method on an empty CardSpaceClaimCollection it is possible to underflow the length field, storing a negative integer. Later, a call to the add() method will use the corrupted length field to compute the address at which to write into the SafeArray data, allowing memory to be corrupted with a pointer to controlled contents. This Metasploit module achieves code execution by using VBScript, as discovered in the wild in November 2013, to (1) create an array of HTML OBJECT elements, (2) create holes, (3) create a CardSpaceClaimCollection whose SafeArray data will reuse one of the holes, (4) corrupt one of the legitimate OBJECT elements with the described integer overflow and (5) achieve code execution by forcing the use of the corrupted OBJECT.

tags | exploit, overflow, code execution, activex
advisories | CVE-2013-3918, OSVDB-99555
SHA-256 | 58f2175e1ed88e1751853e1d2aa79f7740fb2c4be64b98ebf51299e06cc219c0
Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access
Posted Nov 26, 2013
Authored by Vitaliy Toropov, juan vazquez, James Forshaw | Site metasploit.com

This Metasploit module exploits a vulnerability in Microsoft Silverlight. The vulnerability exists in the Initialize() method from System.Windows.Browser.ScriptObject, which accesses memory in an unsafe manner. Since it is accessible to untrusted (user-controlled) code, it is possible to dereference arbitrary memory, which is easily leveraged for arbitrary code execution. In order to bypass DEP/ASLR a second vulnerability is used, in the public WriteableBitmap class from System.Windows.dll. This Metasploit module has been tested successfully on IE6 - IE10, Windows XP SP3 / Windows 7 SP1 on both x32 and x64 architectures.

tags | exploit, arbitrary, code execution, bug bounty, packet storm
systems | windows
advisories | CVE-2013-0074, CVE-2013-3896, OSVDB-91147, OSVDB-98223
SHA-256 | 3905f49c6a63195a8b150b72b89466bf89d932607328806dbfade7ebf03e25ce
Apache Roller OGNL Injection
Posted Nov 26, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an OGNL injection vulnerability in Apache Roller < 5.0.2. The vulnerability is due to an OGNL injection on the UIAction controller because of an insecure usage of the ActionSupport.getText method. This Metasploit module has been tested successfully on Apache Roller 5.0.1 on Ubuntu 10.04.

tags | exploit
systems | linux, ubuntu
advisories | CVE-2013-4212
SHA-256 | f01bd114b927e26a90df13f09d56f596bd7f9e60085c40975d0c9cb27ffe8c08