This archive contains all of the 220 exploits added to Packet Storm in March 2014.
51349b5abbde8e1fd6bd4fef4c6c16203f245c7bcdb7688e99fad92c2497ef0d
PhonerLite SIP soft phone version 2.14 can be made to reveal a user's SIP MD5 digest authentication credential hash via a spoofed SIP INVITE message sent by a malicious third party. After responding to an authentication challenge to the BYE message, PhonerLite leaks the hashed MD5 digest credentials.
7a34b13b986e3c819eec422d90f73dfa5a7fe4225fdb3fbe73a15891c3c278e5
EMC Cloud Tiering Appliance version 10.0 suffers from an unauthenticated XXE injection vulnerability. A Metasploit module proof of concept is included.
8191ae1d7b8520f1907f9a4102488831c9cce91d284f870d73ce4c7105f6ce7c
Vanctech File Commander version 1.1 for iOS suffers from local file inclusion and remote file upload vulnerabilities.
4cdbd24ff9f1d7ae738fbdc61b7fbef14fde6a8dd945fdee07e390600c8d5657
AlienVault version 4.5.0 suffers from an authenticated remote SQL injection vulnerability. A Metasploit module proof of concept is included.
40ee4d126c36742998c3f763beb792fa2eaff2e289df522b3fa9296d803a35a6
PhotoWIFI Lite version 1.0 for iOS suffers from command injection, local file inclusion, and remote file upload vulnerabilities.
9359a3d21802973d03730bfc312fb55fed478a1b39122f4166292c87c4f0dd57
Primo CMS version 6.2 suffers from a remote command injection vulnerability.
f990681225f7a22b115820d8c6849ce605618fbcd204bdfafd97a632de467801
Horde Webmail version 5.1 suffers from an open redirection vulnerability.
f3bfdd6bd23da3ad823bbc2c0e6dd878f8671a1ae58971fcb65267ec1cb64052
WordPress Js-Multi-Hotel plugin version 2.2.1 suffers from cross site scripting, abuse of functionality, denial of service, and path disclosure vulnerabilities.
b0710350332e42b116bfa62641fb48da142ad7b2686b5d41ac322c55648e6fbf
Exploit for AudioCoder version 0.8.29 that turns a memory corruption into code execution via SEH.
0f1d5e9ac2a09a11a1cf2de974edcdd6ae678079675b1f5f5aca4fa2fa9c1130
This Metasploit module exploits a vulnerability found in FitNesse Wiki versions 20140201 and earlier.
ea5185af9eacbf5f8ba32b49f0b348feaf5aeb8b06d576421ac1861e3bd61b62
This Metasploit module exploits a vulnerability found in SePortal version 2.5. When logged in as any non-admin user, it is possible to retrieve the admin session from the database through SQL injection. The SQL injection vulnerability exists in the "staticpages.php" page. The retrieved session hash can be used to take over the admin user session. After logging in, the "/admin/downloads.php" page is used to upload arbitrary code.
523ae89437abd95ee2b8adbfe4b6eb79e71f45e8218d4bcec51f35af6aab99d6
Ajax Pagination version 1.1 suffers from a local file inclusion vulnerability.
69e08cc5d2ea4848004a83b725d70d5539504575928edebeba5a13590e8b2878
iStArtApp FileXChange version 6.2 for iOS suffers from command injection, local file inclusion, and remote shell upload vulnerabilities.
8b098835b2928b1e01d165f8e8bde1efd4aab6d93048b1a9c54783e43ca561bf
WordPress HTML Sitemap version 1.2 suffers from a cross site request forgery vulnerability.
201994735e80fa917f6e5059cc2ed56952c108819c09e3f473ea49a528417d57
GD Star Rating version 1.9.22 suffers from cross site request forgery, cross site scripting, and remote blind SQL injection vulnerabilities.
796f545fbb705c4802204cc3c44a1363749e626b8c4b713647a53112da55d889
Canon PIXMA MX722 printer suffers from a WiFi password disclosure vulnerability.
053f0b5c3da36eac0eb319318f27ed23717cee605d73853ff649d554743a60d9
WordPress wp-business-intelligence plugin version 1.0.6 suffers from a remote shell upload vulnerability due to including ofc_upload_image.php.
cfc6ca57ddaae7ce436b3f1dd3b109d8d363bf14d5bbb4a97697b3c2cec8fbff
ASP-Nuke version 2.0.7 suffers from an open redirect vulnerability.
902da011bf746423d5b241e17da52bd86559dbc0d84acce478a7761e2d717453
RedTeam Pentesting discovered a cross site scripting vulnerability in rexx Recruitment's user registration page during a penetration test. If attackers can persuade users to click on a prepared link or redirect them to such a link from an attacker-controlled website, they are able to run arbitrary JavaScript code in the context of the rexx Recruitment installation's domain.
2b99dd93bd3ef7fa35d56eedd30ce42a17be27a43d0080a86eaa47f243c72d0b
ePhone Disk version 1.0.2 for iOS suffers from denial of service, command injection, and local file inclusion vulnerabilities.
876448f07c5c05553462fd3177290aada26c9cd5919baeae2680fd062cfff2f7
Easy FileManager version 1.1 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.
4b5d69b0cae3c7cd9e89f17f629e2e25283338e269c0c4155401deba8739d35b
Joomla Kunena component version 3.0.4 suffers from a cross site scripting vulnerability.
5824c2fb1d088d434657130d4759d89055357306437bfbb01644799d4d520267
My Photo Wifi Share & PS 1.1 for iOS suffers from a local command injection vulnerability.
e53e7d5c9f0ee9f794d19da2f54e4d471361b0256775259c8d71dc2f551e08df
Lazybone Studios WiFi Music 1.0 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.
11ad45715114d7c206751facff6d0a7e57d0ce6d720031cf785b958467b939ed