This archive contains all of the 107 exploits added to Packet Storm in August, 2014.
c0bd4ec0e7c6e58f66fd9639d9076a94d00be1b0b74a6f2be8d565a05411bf76
ManageEngine Desktop Central suffers from code execution and remote shell upload vulnerabilities.
10bd111ea2eac7377ab0c21dde2c9553725d2797491800a418dea4169e3ccb4a
WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability.
da1173acbf60ac4072b91b8343a4327a4c0c947abd480e34616ebb2f1ee3f2e3
Fat Free CRM suffers from a persistent cross site scripting vulnerability.
9085dbacf746f29e2840fb8a68bbb2ea21e2012f16cdfc567e0e81080f76a410
Sites powered by STI-CS appear to suffer from a reflective cross site scripting vulnerability. Note that this finding houses site-specific data.
6c7fa5c208f1047e4fd9453cf8b12c2019478074948bb94de73a566e703d5af0
MX-SmartTimer version 13.18.5.11 suffers from a remote SQL injection vulnerability.
910ee76b2728dd8b4e94d623049eb95c3fbecb201aad27d57ae75db99ae50833
EhsanWeb suffers from a reflective cross site scripting vulnerability in the forgot password flow. Note that this finding houses site-specific data.
29138f17af825bcde7951a3727aed93db07923cad7c6aef04cf1ada9b5fc9038
This Metasploit module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.
09304427dd22c7e28697ed8884a68eace55d46112a2478ec08167189b258e8b1
Microsoft Internet Explorer memory corruption proof of concept exploit that leverages the vulnerability noted in MS14-029.
600c25c1cc00d3311d1f22ed49481b0b5404a23c42a3bbb117e32002245af5c8
HTML Help Workshop version 1.4 SEH buffer overflow exploit.
cf425fc000aff0270a6469918766dbbe86edb540b07c13b03687a3cebaf99bad
When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. Affected includes F5 BIG-IP 11.x versions before 11.6.0, 11.5.1 HF3, 11.5.0 HF4, 11.4.1 HF, 11.4.0 HF7, 11.3.0 HF9, and 11.2.1 HF11, Enterprise Manager 3.x versions before 3.1.1 HF2.
f5a601d52bace71319785c4a4bfb38eecd8c7a083e7b2a88c883e44a078bdb89
NRPE version 2.15 remote command execution exploit written in Python.
c268de70bbf269dcf7e9d20818207c8f9d7979d2b3054cdd2d722e64c5890c38
DomainTrader Domain Parking and Auction Script version 2.5.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
9e1d059a854c7452d4e992af1f56cbf73f5ba81749003700ac74a405686063b5
Jappix suffers from a persistent cross site scripting vulnerability.
107180118407f89e40bf1d31d9e71d1f970b1b47742016591ef2b1a27d8e20e1
F5 BIG-IP versions 11.5.1 and below suffer from a reflective cross site scripting vulnerability.
90bc183e4916362d71c4474e9345d2f9d2041b58846f35012b0a395feaf2417a
ActualAnalyzer remote command execution exploit that leverages an eval.
8f2990bbfd3d05f330dbb9f7a0d5dc5d2bde4218361df5492b6297038b4bc115
Proof of concept exploit for PhpWiki that demonstrates a remote command injection vulnerability via the Ploticus module.
0537e551a6510f8813c0b1364ed2c664f69c09d7a2daea939ae50369296e203f
XRMS blind SQL injection exploit that leverages $_SESSION poisoning and achieves remote command execution.
22da305ed8f31ea31597071bebb8862e1bbef05d26a2868faaa7c5cd07486cbe
Plogger versions prior to 1.0-RC1 suffer from a remote authenticated arbitrary file upload vulnerability.
2229ede1572118bc72b109ff7e6d3bbcc1f082c43c519ec37c7328ee927f4032
This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs.
d5cc945e074cb09855a57374de57a97262b3ec3bd1140179dace08bfcb49db35
ManageEngine DeviceExpert version 5.9 suffers from a user credential disclosure vulnerability.
51e22c92f98a813a1c5ec8301f8d7ed43adbe8dcd3be82e7f05dd0b625342ecf
WooCommerce Store Exporter version 1.7.5 suffers from multiple persistent cross site scripting vulnerabilities.
a5d12f02986706a41c3f927c97bff470f809205d60722035a0a4da41540c4874
Furniture Site Manager suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
eed7a3816e2b07e5e69779e732c4e7fb71add6fcbc27a1090a52dcf96ec86c59
glibc __gconv_translit_find() single-fixed-byte heap metadata overflow local root exploit for Fedora 20 32-bit. This issue is not specific to Fedora, but the proof of concept is specifically for Fedora 20 32-bit.
330176e29f7a995ed48f5d0fc2ba71392f2e4a5144f7fae13882ef998e79a6d1
Grand MA 300/ID with firmware 6.60 has a weakness that allows the retrieval of the access pin from sniffed data, as well as a weakness that allows a fast brute-force attack on the pin.
c73e32f4a61efb4da53a29921041f8c4a0851a33cb60cbbd40518269570c7eb7