Exploit the possiblities
Showing 1 - 25 of 221 RSS Feed

Files

Packet Storm New Exploits For March, 2014
Posted Apr 1, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 220 exploits added to Packet Storm in March, 2014.

tags | exploit
systems | linux
MD5 | d72b75600e6892c028691bcc5275f990
PhonerLite 2.14 Digest Information Leak
Posted Mar 31, 2014
Authored by Jason Ostrom

PhonerLite SIP soft phone version 2.14 is vulnerable to revealing SIP MD5 digest authenticated user credential hash via spoofed SIP INVITE message sent by a malicious 3rd party. After responding back to an authentication challenge to the BYE message, PhonerLite leaks the hashed MD5 digest credentials.

tags | exploit, spoof, info disclosure
advisories | CVE-2014-2560
MD5 | 0486dc8fe4cf0fd6ac1c020c7c62d834
EMC Cloud Tiering Appliance 10.0 XXE Injection
Posted Mar 31, 2014
Authored by Brandon Perry

EMC Cloud Tiering appliance version 10.0 suffers from an unauthenticated XXE injection vulnerability. Metasploit module proof of concept is included.

tags | exploit, proof of concept
MD5 | 5ef5ecf90114c6f005126aa0d09028a9
Vanctech File Commander 1.1 LFI / File Upload
Posted Mar 31, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Vanctech File Commander version 1.1 for iOS suffers from local file inclusion and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
systems | apple, ios
MD5 | bdaff7b22874ae6069ad4a82ece8e9c4
AlienVault 4.5.0 SQL Injection
Posted Mar 31, 2014
Authored by Brandon Perry

AlienVault version 4.5.0 suffers from an authenticated remote SQL injection vulnerability. Metasploit module proof of concept is included.

tags | exploit, remote, sql injection, proof of concept
MD5 | 6c8650d544f8d947671316e7fab76a0e
PhotoWIFI Lite 1.0 Command Injection / LFI / File Upload
Posted Mar 31, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PhotoWIFI Lite version 1.0 for iOS suffers from command injection, local file inclusion, and remote file upload vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion, file upload
systems | apple, ios
MD5 | 88b272304e6011e72c9b35e1f5d3e5f2
Primo CMS 6.2 Remote Command Execution
Posted Mar 31, 2014
Authored by Felipe Andrian Peixoto

Primo CMS version 6.2 suffers from a remote command injection vulnerability.

tags | exploit, remote
MD5 | cfcbb2971992728070136223544f30dd
Horde Webmail 5.1 Open Redirect
Posted Mar 31, 2014
Authored by Felipe Andrian Peixoto

Horde Webmail version 5.1 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 41a086bc828258d712166baf28979b44
WordPress Js-Multi-Hotel 2.2.1 XSS / DoS / Disclosure / Abuse
Posted Mar 31, 2014
Authored by MustLive

WordPress Js-Multi-Hotel plugin version 2.2.1 suffers from cross site scripting, abuse of functionality, denial of service, and path disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
MD5 | cbf6983c25cfcd9c51b58def73ef9795
AudioCoder 0.8.29 Memory Corruption
Posted Mar 31, 2014
Authored by sajith

AudioCoder version 0.8.29 memory corruption to code execution via SEH exploit.

tags | exploit, code execution
MD5 | c0da33b2e853f8d5afabcd45b387d6c4
Fitnesse Wiki Remote Command Execution
Posted Mar 28, 2014
Authored by Veerendra G.G, Jerzy Kramarz | Site metasploit.com

This Metasploit module exploits a vulnerability found in Fitnesse Wiki, version 20140201 and earlier.

tags | exploit
advisories | CVE-2014-1216
MD5 | 42f6beeb835a921ce8418c6797220575
SePortal 2.5 SQL Injection / Remote Code Execution
Posted Mar 28, 2014
Authored by xistence, jsass | Site metasploit.com

This Metasploit module exploits a vulnerability found in SePortal version 2.5. When logging in as any non-admin user, it's possible to retrieve the admin session from the database through SQL injection. The SQL injection vulnerability exists in the "staticpages.php" page. This hash can be used to take over the admin user session. After logging in, the "/admin/downloads.php" page will be used to upload arbitrary code.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2008-5191, OSVDB-46567
MD5 | 63435169c72cc2d2e9cc30ef51896580
Ajax Pagination 1.1 Local File Inclusion
Posted Mar 28, 2014
Authored by Glyn Wintle

Ajax Pagination version 1.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 182a531b5368c59241ffb27a0e1278d4
iStArtApp FileXChange 6.2 Command Injection / LFI / File Upload
Posted Mar 28, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

iStArtApp FileXChange version 6.2 for iOS suffers from command injection, local file inclusion, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
systems | ios
MD5 | 70dae1718a79ae642e94afe4649efc42
WordPress HTML Sitemap 1.2 Cross Site Request Forgery
Posted Mar 28, 2014
Authored by Tom Adams

WordPress HTML Sitemap version 1.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 15c5fb3e31f742f1d305ea74fe6d222a
GD Star Rating 1.9.22 XSS / CSRF / SQL Injection
Posted Mar 28, 2014
Authored by Tom Adams

GD Star Rating version 1.9.22 suffers from cross site request forgery, cross site scripting, and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
MD5 | 55f7f773448bb33d99953fffa9cdb37c
Canon PIXMA MX722 Printer Wireless Password Disclosure
Posted Mar 28, 2014
Authored by Taylor Hornby

Canon PIXMA MX722 printer suffers from a WiFi password disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 8c091c0ab4ba66491ca381b75483768c
WordPress Business Intelligence 1.0.6 Shell Upload
Posted Mar 28, 2014
Authored by Manish Tanwar

WordPress wp-business-intelligence plugin version 1.0.6 suffers from a remote shell upload vulnerability due to including ofc_upload_image.php.

tags | exploit, remote, shell, php
MD5 | 08b10dacca3c19abadcf9a52eed81ece
ASP-Nuke 2.0.7 Open Redirect
Posted Mar 28, 2014
Authored by Felipe Andrian Peixoto

ASP-Nuke version 2.0.7 suffers from an open redirect vulnerability.

tags | exploit, asp
MD5 | 320246de1354caff29a2016cda4dd56d
rexx Recruitment Cross Site Scripting
Posted Mar 27, 2014
Site redteam-pentesting.de

RedTeam Pentesting discovered a cross site scripting vulnerability in rexx Recruitment's user registration page during a penetration test. If attackers can persuade users to click on a prepared link or redirected them to such a link from an attacker-controlled website, they are able to run arbitrary JavaScript code in the context of the rexx Recruitment installation's domain.

tags | exploit, arbitrary, javascript, xss
advisories | CVE-2014-1224
MD5 | 97986366cde5127bc8b94ed55a77a95a
ePhone Disk 1.0.2 LFI / Command Injection / DoS
Posted Mar 27, 2014
Authored by LariX4 | Site vulnerability-lab.com

ePhone Disk version 1.0.2 for iOS suffers from denial of service, command injection, and local file inclusion vulnerabilities.

tags | exploit, denial of service, local, vulnerability, file inclusion
systems | apple, ios
MD5 | a9d8e7302597789598c17b516d35827a
Easy FileManager 1.1 Local File Inclusion / Shell Upload
Posted Mar 27, 2014
Authored by Katharina S.L. | Site vulnerability-lab.com

Easy FileManager version 1.1 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
systems | apple, ios
MD5 | da844dfe4dc1b982c9d5a2a077494c13
Joomla Kunena 3.0.4 Cross Site Scripting
Posted Mar 27, 2014
Authored by Qoppa

Joomla Kunena component version 3.0.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d1fd6ef0bb76b04879b38a999c4296f1
My Photo Wifi Share & PS 1.1 Command Injection
Posted Mar 27, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

My Photo Wifi Share & PS 1.1 for iOS suffers from a local command injection vulnerability.

tags | exploit, local
systems | apple, ios
MD5 | 2eafddfc5d30a542bb0f8ee1adcd872f
Lazybone Studios WiFi Music 1.0 LFI / Upload
Posted Mar 27, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Lazybone Studios WiFi Music 1.0 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
systems | apple, ios
MD5 | 39f8cc2718f5a7c00e5f1367aade302d
Page 1 of 9
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Cash Converters Reveals Data Breach
Posted Nov 16, 2017

tags | headline, hacker, cybercrime, data loss, fraud, identity theft
Kaspersky Defends Its Role In NSA Breach
Posted Nov 16, 2017

tags | headline, government, malware, usa, russia, data loss, spyware, nsa
McAfee Anti-Hacking Service Exposed Users To Banking Malware
Posted Nov 16, 2017

tags | headline, malware, bank, cybercrime, fraud, flaw, identity theft, mcafee
DJI Bug Bounty NDA Is 'Not Signable', Say Irate Infosec Researchers
Posted Nov 16, 2017

tags | headline, hacker, flaw
Government Just Figures Out You Can Hack Planes Remotely Due To Poor Design
Posted Nov 15, 2017

tags | headline, government, usa, flaw, terror
UK Security Chief Blames Russia For Hacks
Posted Nov 15, 2017

tags | headline, hacker, government, britain, russia, cyberwar
Forbes 30 Under 30 Conference Site Exposed Attendee Details
Posted Nov 15, 2017

tags | headline, privacy, data loss, flaw, conference
The Motherboard Guide To Not Getting Hacked
Posted Nov 15, 2017

tags | headline, hacker, privacy, data loss, fraud, identity theft
Votes In 18 Nations 'Hacked' In Last Year
Posted Nov 14, 2017

tags | headline, government, usa, russia, fraud, cyberwar, social
Shut The Front Door: Jewson Admits To Data Breach
Posted Nov 14, 2017

tags | headline, hacker, privacy, data loss
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close