This archive contains all of the 220 exploits added to Packet Storm in March, 2014.
51349b5abbde8e1fd6bd4fef4c6c16203f245c7bcdb7688e99fad92c2497ef0dPhonerLite SIP soft phone version 2.14 is vulnerable to revealing SIP MD5 digest authenticated user credential hash via spoofed SIP INVITE message sent by a malicious 3rd party. After responding back to an authentication challenge to the BYE message, PhonerLite leaks the hashed MD5 digest credentials.
7a34b13b986e3c819eec422d90f73dfa5a7fe4225fdb3fbe73a15891c3c278e5EMC Cloud Tiering appliance version 10.0 suffers from an unauthenticated XXE injection vulnerability. Metasploit module proof of concept is included.
8191ae1d7b8520f1907f9a4102488831c9cce91d284f870d73ce4c7105f6ce7cVanctech File Commander version 1.1 for iOS suffers from local file inclusion and remote file upload vulnerabilities.
4cdbd24ff9f1d7ae738fbdc61b7fbef14fde6a8dd945fdee07e390600c8d5657AlienVault version 4.5.0 suffers from an authenticated remote SQL injection vulnerability. Metasploit module proof of concept is included.
40ee4d126c36742998c3f763beb792fa2eaff2e289df522b3fa9296d803a35a6PhotoWIFI Lite version 1.0 for iOS suffers from command injection, local file inclusion, and remote file upload vulnerabilities.
9359a3d21802973d03730bfc312fb55fed478a1b39122f4166292c87c4f0dd57Primo CMS version 6.2 suffers from a remote command injection vulnerability.
f990681225f7a22b115820d8c6849ce605618fbcd204bdfafd97a632de467801Horde Webmail version 5.1 suffers from an open redirection vulnerability.
f3bfdd6bd23da3ad823bbc2c0e6dd878f8671a1ae58971fcb65267ec1cb64052WordPress Js-Multi-Hotel plugin version 2.2.1 suffers from cross site scripting, abuse of functionality, denial of service, and path disclosure vulnerabilities.
b0710350332e42b116bfa62641fb48da142ad7b2686b5d41ac322c55648e6fbfAudioCoder version 0.8.29 memory corruption to code execution via SEH exploit.
0f1d5e9ac2a09a11a1cf2de974edcdd6ae678079675b1f5f5aca4fa2fa9c1130This Metasploit module exploits a vulnerability found in Fitnesse Wiki, version 20140201 and earlier.
ea5185af9eacbf5f8ba32b49f0b348feaf5aeb8b06d576421ac1861e3bd61b62This Metasploit module exploits a vulnerability found in SePortal version 2.5. When logging in as any non-admin user, it's possible to retrieve the admin session from the database through SQL injection. The SQL injection vulnerability exists in the "staticpages.php" page. This hash can be used to take over the admin user session. After logging in, the "/admin/downloads.php" page will be used to upload arbitrary code.
523ae89437abd95ee2b8adbfe4b6eb79e71f45e8218d4bcec51f35af6aab99d6Ajax Pagination version 1.1 suffers from a local file inclusion vulnerability.
69e08cc5d2ea4848004a83b725d70d5539504575928edebeba5a13590e8b2878iStArtApp FileXChange version 6.2 for iOS suffers from command injection, local file inclusion, and remote shell upload vulnerabilities.
8b098835b2928b1e01d165f8e8bde1efd4aab6d93048b1a9c54783e43ca561bfWordPress HTML Sitemap version 1.2 suffers from a cross site request forgery vulnerability.
201994735e80fa917f6e5059cc2ed56952c108819c09e3f473ea49a528417d57GD Star Rating version 1.9.22 suffers from cross site request forgery, cross site scripting, and remote blind SQL injection vulnerabilities.
796f545fbb705c4802204cc3c44a1363749e626b8c4b713647a53112da55d889Canon PIXMA MX722 printer suffers from a WiFi password disclosure vulnerability.
053f0b5c3da36eac0eb319318f27ed23717cee605d73853ff649d554743a60d9WordPress wp-business-intelligence plugin version 1.0.6 suffers from a remote shell upload vulnerability due to including ofc_upload_image.php.
cfc6ca57ddaae7ce436b3f1dd3b109d8d363bf14d5bbb4a97697b3c2cec8fbffASP-Nuke version 2.0.7 suffers from an open redirect vulnerability.
902da011bf746423d5b241e17da52bd86559dbc0d84acce478a7761e2d717453RedTeam Pentesting discovered a cross site scripting vulnerability in rexx Recruitment's user registration page during a penetration test. If attackers can persuade users to click on a prepared link or redirected them to such a link from an attacker-controlled website, they are able to run arbitrary JavaScript code in the context of the rexx Recruitment installation's domain.
2b99dd93bd3ef7fa35d56eedd30ce42a17be27a43d0080a86eaa47f243c72d0bePhone Disk version 1.0.2 for iOS suffers from denial of service, command injection, and local file inclusion vulnerabilities.
876448f07c5c05553462fd3177290aada26c9cd5919baeae2680fd062cfff2f7Easy FileManager version 1.1 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.
4b5d69b0cae3c7cd9e89f17f629e2e25283338e269c0c4155401deba8739d35bJoomla Kunena component version 3.0.4 suffers from a cross site scripting vulnerability.
5824c2fb1d088d434657130d4759d89055357306437bfbb01644799d4d520267My Photo Wifi Share & PS 1.1 for iOS suffers from a local command injection vulnerability.
e53e7d5c9f0ee9f794d19da2f54e4d471361b0256775259c8d71dc2f551e08dfLazybone Studios WiFi Music 1.0 for iOS suffers from local file inclusion and remote shell upload vulnerabilities.
11ad45715114d7c206751facff6d0a7e57d0ce6d720031cf785b958467b939ed
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed