This archive contains all of the 194 exploits added to Packet Storm in February, 2014.
a8fd62e9bf38ed32f4e068b84772b5b803b9c1c52828d122b550562b241a3495
couponPHP CMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
3424adcf3750526c3ad5db516a473a6917df3b4be803f24e12ea579a6c567178
Plex Media Server versions 0.9.9.2.374-aa23a69 and below suffer from authentication bypass and local file disclosure vulnerabilities.
5056a9a5be5beee1b56ca5f4a45fd08b7e9f849a4edabf46ffd88ef7a0b91dcc
VCDGEAR version 3.50 suffers from a stack-based buffer overflow vulnerability.
cb961af2bca01d29fd25f5557c887ef11ef4b84f120be86f6e88cd1dacfae565
Microsoft Office 365 Outlook suffers from filter bypass and script insertion vulnerabilities.
62b66dd6d9ff9e97f54097141a7c5a0963019f71b236a0ddbf8a9f91660e8884
OrangeHRM version 3.1.1 suffers from a cross site scripting vulnerability.
3b65169d1d14ac1150889cf5e9994426d9e97b2dd4c7b3c770c4c4ba5cb3fced
SpagoBI version 4.0 suffers from an administrative privilege escalation vulnerability.
08879394f05ec3888c94bd4b06561081d45aa1549a6e63d70b7be33bbcfe4f7f
webERP version 4.11.3 suffers from a remote SQL injection vulnerability.
091426128f12768577b963c2f22904bdfc2ad9fae57c064028ed00bf91950df8
doorGets version 6.0 suffers from cross site scripting and information disclosure vulnerabilities.
7ea8c4da27977ad4397ff6d51fe3f33b00a1b62766c3b49f7a2c6aaa2c4ddb2f
MICROSENS Profi Line Modular Industrial Switch Web Manager version 10.3.1 suffers from a privilege escalation vulnerability.
a0ae9096d79c1c275cffec3bdc2deea7b44431121dc864efe994e588286bebca
This Metasploit module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICITY CimWebServer. The vulnerable component allows remote BCL files in shared resources to be executed. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE, which can then be executed remotely through the WebView server. This Metasploit module has been tested successfully on GE Proficy CIMPLICITY 7.5 with the embedded CimWebServer. This Metasploit module starts a WebDAV server to provide the malicious BCL files. When the target does not have the WebClient service enabled, an external SMB service is necessary.
b26303cb1fa471041439c64a8b439bb47d11b4fd3e3adb2f2cd74c8afe861e4f
This Metasploit module exploits a buffer overflow in Total Video Player 1.3.1. The vulnerability occurs when opening a malformed Settings.ini file, e.g. in "C:\Program Files\Total Video Player\". This Metasploit module has been tested successfully on Windows WinXp-Sp3-EN, Windows 7, and Windows 8.
1f04d25c90604cfb3feef7e42ed26fa00fa4daa52f342fd876bac3be2f18a6be
EPESI CRM version 1.5.5-20140113 suffers from a persistent cross site scripting vulnerability.
026a893c034a92535a4cf7780fda14637b3835abe0f7893b8871eef16238e6eb
GDL version 4.2 suffers from cross site scripting, remote SQL injection, and directory traversal vulnerabilities.
a2af5485e545cabecf2e75ea83fde5bf5e181a48d18e8692ad4bd7969b5431ed
Music AlarmClock version 2.1.0 crash denial of service proof of concept exploit.
f1ba8364030a6a5c7158b1bafb05e5786475fd559dc419712d636c2531746a45
VideoWhisper Live Streaming Integration version 4.27.3 suffers from cross site scripting, remote shell upload, information exposure, and path traversal vulnerabilities.
8589343b28cf5465cb971032b90d3806ffa103808d0ea8ff3382c08d32bb6003
GoldMP4Player version 3.3 local buffer overflow exploit.
e5381967f3870c2e06479eae5f6fe202bb149136fc53d671df52b80010800799
The German Telekom website suffered from a local file inclusion vulnerability.
b7fa37b22bc4bbcb19ac1e882d221051ad4c3c393229e09724ecba5cb14413d5
Bluetooth Photo Share Pro version 2.0 suffers from local file inclusion and remote arbitrary file upload vulnerabilities.
373723247bb674fdb182129aadcb6edbb943fb7ba1f53545391908392eb3d231
GroupOffice version 5.0.44 suffers from multiple cross site scripting vulnerabilities.
5e9ecb41f455fc5ce8462aa3f2c84f75038ea0fb008529aa2033cd378c59c892
PHP-CMDB version 0.7.3 suffers from cross site scripting and remote SQL injection vulnerabilities.
a67d8b34f99f51d05ba0d86b8dd9d16c2587342e99d7267c8f8f0d015c02ef63
X2Engine version 3.7.3 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.
d3c14e2d6ce07bb3835b1588b086b2b1c63408940f717a399617a80e062e48bc
PHP Calendar version 2.0.1 suffers from multiple cross site scripting and information disclosure vulnerabilities.
d2a72263079a61bd29ed5e7830991d421fa3083c72d80bbfeee5123fb35db2d3
Moodle version 2.6.1 suffers from multiple cross site scripting vulnerabilities.
f982e66358058f04f37c7d3427ec64943263e1f5f996338826132ed3cb5e0ea1
Open-School Community Edition version 2.2 suffers from multiple persistent cross site scripting vulnerabilities.
8cfad8b0dbd6d1dc9edaaf32671ea326da8545af162c775f2ba22e84502b655e