This archive contains all of the 158 exploits added to Packet Storm in September, 2014.
81e439aa508cca46d13331ea18cff9058479738a2b374e9b407aadaf61ac213eAdobe Flash version 14.0.0.145 copyPixelsToByteArray() heap overflow proof of concept exploit.
166a57b3405bb750c323b5344a65f63fcd9ab165a71edf5188ec594b3a88fa98PayPal's Service Manager allows for malicious script insertion into emails.
32c3aa2d32434412f3ba18de975e91934321b06699145ab95fd13bb62b1133cfPayPal's Bill Later finance marketing site suffered from a cross site scripting vulnerability.
2b0d6091a34a9d8ef2eac452a58ceb133de6b66079bc93dab4ae7d302dbdb150WordPress All In One Security and Firewall plugin version 3.8.3 suffers from multiple cross site scripting vulnerabilities.
db783d9eb3082219bd9f83769b870c5ad53985269cc356b78213878cfeeb2f14WordPress Refraction theme suffers from cross site scripting, path disclosure, and content spoofing vulnerabilities.
c816398f2c96c3e445f7ab98c1fcf691ac315402025d625f6886a12e52cce0b7Moab suffers from an insecure message signing authentication bypass vulnerability. All versions up to 8 can be affected depending on the configuration.
85a019a8c4de29f5f84586a14f07c354e859db1b6a19ccec9cbb5d70e45cbceaMoab versions prior to 7.2.9 and 8 suffer from a user impersonation vulnerability.
06269ab2431aa1292e9d181643ace50442b15f7c22b2ca8e0be470c5e444f592Moab versions prior to 7.2.9 and 8 suffer from a dynamic reconfiguration authentication bypass issue that allows for remote code execution.
1d947c3d312bda1ccebc5c7622d54bcdfee0aa44575fcd3b9fa4410d0c6e6878IPFire versions 2.15 and below core 82 authenticated CGI remote command injection exploit that leverages the bash vulnerability.
012683f158b1fbd6670d51a9c56bc769954678884f249efc8a122651350705c8This Metasploit module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stack_option packets with user controlled data. In order to bypass ASLR this module uses a proto_tbl packet to leak an libov pointer from the stack and finally build the rop chain to avoid NX.
ed8dcf6077fc962dee63928b9374f08f765d9613b6097985fa09b44f33f8d338Bacula-web version 5.2.10 suffers from a remote SQL injection vulnerability.
8521ccbd84f8d2b97a8e8662f43056c2baefd4521bdf1a0434f2258ddfd95c17This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.
e9c53edc4a81c1f18958ddfa8f5eddf60866488e72784884428750e9a058b73bManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.
375e267357239b52901647072b3a0b930fa59bec9185067e661bf2bcb84fcf70AllMyGuests version 0.4.1 suffers from bypass via malformed cookies, remote SQL injection, and cross site scripting vulnerabilities.
f47761659053ee4c4dd3cdb085e36ec23e26920bfc02e9ec2dd44de4b627b3c5WordPress Users Ultra plugin version 1.3.37 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
83da12e41fe8a52bf90f4d659a6a4eb3c4147e951cc5121e09d3c3df702d14eaInternet Explorer 8 fixed col span ID full ASLR, DEP, and EMET 5.0 bypass exploit that leverages the issue outlined in MS12-037.
876b8cd7e67c79c669947885b557203c13c38a1e58f07a2be3d86ba1ee061f95ExploitPack GNU Bash versions 4.3 and below command injection exploit that leverages the User-Agent header against a given website.
142c835b75cbe04a6ca350ec7bb8fea228669c18def84dd5d24a93513e005852This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.
9b7a26362762262f505e7f02227cb75f7b373f2560a109697a283d98dbb104e4When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or hostname, they are passed to configuration scripts as environment variables, allowing us to trigger the bash bug. Because of the length restrictions and unusual networking scenario at time of exploitation, this Metasploit module achieves code execution by echoing our payload into /etc/crontab and cleans it up when we get a shell.
5d7d7b3c51f3ee9f6de8df21a01a41ce128a74b5cdd4be3f7d65a7357f36ed1eExinda WAN Optimization Suite version 7.0.0 (2160) suffers from cross site request forgery and cross site scripting vulnerabilities.
83a1c7b092131f1cef204e879001c5cba65704e647207c15e65081dd1833f4a3Openfiler version 2.99.1 suffers from a denial of service vulnerability.
77276520dc721a9252188a8e714c3de354590e5c280083c46c4ff2b5c0c6fc20Comersus Sophisticated Cart suffers from a database disclosure vulnerability.
25c2756e45e2fc406368fc0f33725428c30b6538434bd0559dfd5ca5cbeddc61Oscommerce version 2.3.4 suffers from cross site scripting, HTTP parameter pollution, and local file inclusion vulnerabilities.
8d1dd2e6442e15ac36b712ca7250cbff8a6c970b84e1efbe78af8cdac497642aNDBLOG version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
dd65952f3824e00cc2a80344ad64d4d621e1ec5e3aa4745efa0abfdc2cc09023
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed