Twenty Year Anniversary
Showing 1 - 25 of 162 RSS Feed

Files

Packet Storm New Exploits For April, 2014
Posted May 1, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 162 exploits added to Packet Storm in April, 2014.

tags | exploit
systems | linux
MD5 | e460d0f803c0fe9cb0577b3c4f32ace7
BarracudaDrive 6.7.1 Cross Site Scripting
Posted Apr 29, 2014
Authored by Shakeel Bhat | Site secpod.com

BarracudaDrive version 6.7.1 suffers from multiple persistent and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 7f146b9bf6394a2953186ee40905845e
Lavarel-Security XSS Filter Bypass
Posted Apr 29, 2014
Authored by Rafay Baloch

Lavarel-Security cross site scripting filter suffers from a bypass vulnerability.

tags | exploit, xss, bypass
MD5 | 82d3e66a425cd7e997c924715a185f58
Adobe Flash Player Type Confusion Remote Code Execution
Posted Apr 29, 2014
Authored by bannedit, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability found in the ActiveX component of Adobe Flash Player. This vulnerability was found exploited in the wild in November 2013. This Metasploit module has been tested successfully on IE 6 to IE 10 with Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170 over Windows XP SP3 and Windows 7 SP1.

tags | exploit, activex
systems | windows, xp, 7
advisories | CVE-2013-5331
MD5 | 711da7fb2ca640490f5dd63b766555f1
NULL NUKE CMS 2.2 CSRF / XSS / SQL Injection / Shell Upload
Posted Apr 29, 2014
Authored by LiquidWorm | Site zeroscience.mk

NULL NUKE CMS version 2.2 suffers from cross site request forgery, cross site scripting, arbitrary file deletion, remote command execution, arbitrary file access, directory traversal, open redirection, and remote shell upload vulnerabilities.

tags | exploit, remote, arbitrary, shell, vulnerability, xss, csrf
MD5 | 01b991c11bd907e92e9e0fe124e11523
TRENDnet TEW-634GRU 1.00.23 Disclosure / DoS / Privilege Escalation
Posted Apr 28, 2014
Authored by SirGod

TRENDnet TEW-634GRU version 1.00.23 suffers from local file disclosure, router crash, and privilege escalation vulnerabilities.

tags | exploit, local, vulnerability
MD5 | ff4d4660c556bd5fbfcba64feaeef5b2
NTP DDoS Amplification
Posted Apr 28, 2014
Authored by Danilo PC

NTP ntpd monlist query reflection denial of service exploit.

tags | exploit, denial of service
advisories | CVE-2013-5211
MD5 | ce7b989c80bd3e604a329625563a56e2
McAfee ePolicy Owner (ePowner) 0.1
Posted Apr 28, 2014
Authored by Jerome Nokin

McAfee ePolicy Owner (ePowner) version 0.1 is an exploit that can add an administrative user to McAfee ePolicy Orchestrator as well as execute arbitrary commands on versions 4.6.0 through 4.6.5.

tags | exploit, arbitrary
systems | unix
advisories | CVE-2013-0140, CVE-2013-0141
MD5 | 555f12d5b8f53bed8b2f48fe792e333b
SEP Manager 12.1.2015.2015 Overflow Proof Of Concept
Posted Apr 28, 2014
Authored by Jerome Nokin

Symantec Endpoint Protection Manager version 12.1.2015.2015 SEH overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
systems | unix
advisories | CVE-2013-1612
MD5 | 71d31144dd6847abf9a9a81a58790df6
Cells Blog 3.4 Cross Site Scripting
Posted Apr 28, 2014
Authored by kurdish hackers team

Cells Blog version 3.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | d928aab9d1215ab4d4cba0925d8124e1
CalendarScript 3.2.1 Password Disclosure
Posted Apr 28, 2014
Authored by Felipe Andrian Peixoto

CalendarScript version 3.2.1 suffers from a remote password disclosure vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, info disclosure
MD5 | 9235d2fa6bd2c0fe6e3b33477e8c4d44
Adem 0.5.1 Local File Inclusion
Posted Apr 28, 2014
Authored by jiko

Adem version 0.5.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 0fb90ac095fbca5a1a0acde569f0abbe
Kmplayer 3.8.0.122 / 3.8.0.123 DLL Hijacking
Posted Apr 28, 2014
Authored by Aryan Bayaninejad

Kmplayer versions 3.8.0.122 and 3.8.0.123 suffer from a dll hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2014-2985
MD5 | 2678c8a6bbfd154ff21d85aa78402792
Tapatalk Forum Cross Site Scripting
Posted Apr 27, 2014
Authored by E. Burtay Sahin

Tapatalk Forum suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | ea88236c7caf6a2d7dc52473f0219dcb
Wireshark 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow
Posted Apr 25, 2014
Authored by j0sm1, Wesley Neelen | Site metasploit.com

This Metasploit module triggers a stack buffer overflow in Wireshark versions 1.8.12/1.10.5 and below by generating an malicious file.

tags | exploit, overflow
advisories | CVE-2014-2299
MD5 | c1d1883ef4ffcc01f9e239f60c1474e6
Mac OS X NFS Mount Privilege Escalation
Posted Apr 25, 2014
Authored by joev, Kenzley Alphonse | Site metasploit.com

This exploit leverage a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result by passing a large size, a local user can overwrite the stack with arbitrary content. Mac OS X Lion Kernel versions equal to and below xnu-1699.32.7 except xnu-1699.24.8 are affected.

tags | exploit, overflow, arbitrary, kernel, local
systems | apple, osx
MD5 | 5e92458e6004639f97065439cc18b2ba
VideoWhisper 7 Cross Site Scripting
Posted Apr 25, 2014
Authored by Mahmoud Ghorbanzadeh

VideoWhisper version 7 for Drupal suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-2715
MD5 | 420ae5908f83a2a2be00b7009860fe51
Depot WiFi 1.0.0 Code Execution / Local File Inclusion
Posted Apr 25, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Depot WiFi version 1.0.0 for iOS suffers from code execution and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, code execution, file inclusion
systems | apple, ios
MD5 | 89ce18d0f4c5d07f5485e2204b90e74b
GeoCore MAX DB 7.3.3 Blind SQL Injection
Posted Apr 25, 2014
Authored by Esac

GeoCore MAX DB version 7.3.3 suffers from a time-based remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | fa87c2b7acee25605a4406675eed639a
WordPress iMember360is 3.9.001 XSS / Disclosure / Code Execution
Posted Apr 25, 2014
Authored by Everett Griffiths

WordPress iMember360is plugin versions 3.8.012 through 3.9.001 suffers from arbitrary code execution, database credential disclosure, arbitrary user deletion, and cross site scripting vulnerabilities.

tags | exploit, arbitrary, vulnerability, code execution, xss, info disclosure
MD5 | d359e63a8e1d080f3473c5684422d0e0
WordPress Work-The-Flow 1.2.1 Shell Upload
Posted Apr 25, 2014
Authored by nopesled

WordPress Work-The-Flow plugin version 1.2.1 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 47c3c851c37db9b68fe46d03c70935ca
Kolibri 2.0 Stack Buffer Overflow
Posted Apr 25, 2014
Authored by Polunchis

Kolibri version 2.0 GET request stack buffer overflow exploit that spawns a bindshell on TCP/4444.

tags | exploit, overflow, tcp
MD5 | f94a81f95f22810ef479da3bbf04f01f
InfraRecorder 0.53 Unicode Buffer Overflow
Posted Apr 25, 2014
Authored by Osanda Malith

InfraRecorder version 0.53 suffers from a unicode buffer overflow vulnerability.

tags | exploit, denial of service, overflow
MD5 | b81093b36ed94c0eea149c99d406ff9f
WordPress Echelon Theme Shell Upload
Posted Apr 25, 2014
Authored by th3rockst3r

The WordPress Echelon theme suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 650579ea6f120de4ce14622b61ca22d7
xnews 3-0-0 Cross Site Scripting
Posted Apr 25, 2014
Authored by kurdish hackers team | Site kurdteam.org

xnews version 3-0-0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3881e9a3a6e9cfe722d4473e851a2898
Page 1 of 7
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

Top Authors In Last 30 Days

Recent News

News RSS Feed
Greenwich University Hit With Massive Data Breach Fine
Posted May 22, 2018

tags | headline, privacy, britain, data loss
Spectre Chip Security Vulnerability Strikes Again
Posted May 22, 2018

tags | headline, flaw, intel
Comcast Website Bug Leaks Xfinity Customer Data
Posted May 22, 2018

tags | headline, privacy, data loss, flaw
High-End Router Flinger DrayTek Admits To Zero Day In Bunch Of Vigor Kit
Posted May 22, 2018

tags | headline, wireless, flaw, zero day
Teen Phone Monitoring App Leaked Thousands Of Passwords
Posted May 21, 2018

tags | headline, privacy, phone, data loss, password, spyware
Google Offers Free DDoS Protection Services For Democracy
Posted May 21, 2018

tags | headline, government, denial of service, google
Blunder Burns Unicorn Attack That Exploited Windows And Reader
Posted May 20, 2018

tags | headline, hacker, malware, microsoft, flaw, adobe
Fake Fortnite Malware Apps Are Spreading
Posted May 19, 2018

tags | headline, malware
Cambridge Analytica Starts Bankruptcy Proceedings In US
Posted May 19, 2018

tags | headline, government, privacy, usa, britain, fraud, facebook
Mirai Botnet Adds Three New Attacks To Target IoT Devices
Posted May 19, 2018

tags | headline, malware, botnet
View More News →
packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close