This archive contains all of the 146 exploits added to Packet Storm in January, 2014.
abd91531ce551e9aefb4494643037cb7c7ffe5ce4f916248468aa82c725f3618
Joomla JomSocial component version 2.6 remote PHP code execution exploit.
ea1422d55f32ea2f21fe3bfa98a8a970fd3b75fcef135c089e38f1464c28a72b
TopicsViewer version 3.0 Beta 1 suffers from multiple remote SQL injection vulnerabilities.
48dee20e05e6227d7032a46cb6020f6d577fcadffa33738daaabfd47613727f5
Linux 3.4+ recvmmsg x32 compat proof of concept exploit.
5662db3459ebcd5e6569adefd8e89c500d6c4b915e1d0af5b4ab442214e7b017
Jobsite Logo suffers from cross site scripting and remote SQL injection vulnerabilities.
f5b281fa23163ff33cd4204b0ebdddfa490fec4c9fcb6e65a4b8ada7918abb2c
Booking Calendar PHP suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
960acaa17357d30d3a772a036e2375e6767ea24edc21a4bd4950e8b6f6323648
Eventy Online Scheduler version 1.8 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
adc6db576bd5a7faa15c3609f25e879996a7872f76654e872bb6c611a44d8a5b
Newtontree IT Services suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d1207b580f63cb7e7eabc1d92f90e1a63599ba5e12d2adb4191941c87e6ceac5
This whitepaper discusses how to perform a take over of the Ektron CMS. It demonstrates how to hijack the builtin and admin accounts.
4051126d4a1554f5aa1a371e3823fe1746489da90272c4a0bd3f21fffb9a0ce0
This Metasploit module exploits an arbitrary PHP file upload in the WordPress Amerisale-Re third party plugin.
1977a861af86c1bb609eab4c6885099d74ee40712c458de75397e40bdcfb1bea
LinPHA version 1.3.4 suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
dd1112c814225c6d2b24116f1d99bcf78fed4941a42afe5ea7e7f980af1746d0
Amin'z Tech CMS suffers from remote shell upload and a remote SQL injection vulnerability that allows for login bypass.
c992e7712a27df499ae4bc3d17ca86548e65261cdd7eaa0f75a9c314525437d6
NCH Software Inventoria version 3.45 suffers from a cross site scripting vulnerability.
013ce0474eb3119edf8938629f3cf1485ee96a3afaa5234d50e9c770f8c001ad
SimplyShare version 1.4 suffers from code execution, local file inclusion, cross site scripting, and command injection vulnerabilities.
06435c185640907d6002f6d7fd2570bf5f5e4cdb4ee43a71600c2ccbb4d362f2
PCMAN FTP version 2.07 ABOR command buffer overflow exploit.
207aacc82b71408ec13209815ed8aa5c33dcdd9974eff7bed97d008df270fc01
haneWIN DNS server version 1.5.3 structured exception handler (SEH) buffer overflow exploit.
5ff4049dea782c7dcd51a3676c2edd85d01ac652a47a47c3bf62de5c0bf51ed3
PCMAN FTP version 2.07 CWD command buffer overflow exploit.
686e1bb139fa8ceb51129b6bcc62b9df3c56b058ab7375350cf467d34d7e74da
Pandora FMS versions 5.0RC1 and below suffer from a code execution vulnerability.
2ba4bc2c2183c5acbae565b860f5f9eabe987ba0a399d204e52fc3e2151facf0
WordPress Photocrati Theme suffers from a cross site scripting vulnerability.
2c0a0d09eabe3d8c389700133ca742ee4514f4b658e287ca801e58421be8784e
Sitecore's special way of display XML controls allows for a cross site scripting attack.
332c44062becbe780354571679bbca0e59d1468bef6e56ac13e0ebfa8d53931a
A10 Networks Loadbalancer versions (Soft)AX 2.6.1-GR1-P5 and below and 2.7.0 build 217 and below suffer from a directory traversal vulnerability.
cd1d7881579b65ddec9b55be9bc64a68cfb6ab226deae42efa4a82f9439a111f
Oracle Reports pwnacle exploit that uploads a jsp shell to the target system using the URLPARAMETER vulnerability that allows for planting files.
3581d647b9a2e8009d1d33ce3190ed76df5b93ae7c3bb78683ead1f423d79945
Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities.
7e14b6132c32b76074863b2d2bee5da28e1064c2155acfee7dc34c7d4969418f
An undocumented PARSEQUERY function in Oracle Forms and Reports allows dumping database username and passwords unauthenticated. The patch / workaround just appears to obfuscate the issue but not actually address it. Affected systems include versions 9iAS, 9iDS, 10G (DS and AS), and 10G AS Reports/Forms Standalone Installation, 11g if patch or workaround not applied. In 12g a code rewrite has mitigated this vulnerability.
2212ed674699348aa6036bb33d09aa0705d27be6a5efb384721f1dfc9cc92015
ManageEngine Support Center Plus versions 7916 and below suffer from a directory traversal vulnerability.
7f3d4cf2f0f2823e532afe04ee4652f5b01e45dec6270e68523714952b7cd42b