Files

Packet Storm New Exploits For September, 2014
Posted Oct 1, 2014
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 158 exploits added to Packet Storm in September, 2014.

tags | exploit
systems | linux
MD5 | 04486e0946a9bb3abc4f6450bc333d86
Adobe Flash 14.0.0.145 copyPixelsToByteArray() Heap Overflow
Posted Sep 30, 2014
Authored by hdarwin

Adobe Flash version 14.0.0.145 copyPixelsToByteArray() heap overflow proof of concept exploit.

tags | exploit, overflow, proof of concept
advisories | CVE-2014-0556
MD5 | 0207c53ba1944d087a0b3831d6a36056
PayPal Service Manager Script Insertion
Posted Sep 30, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal's Service Manager allows for malicious script insertion into emails.

tags | exploit
MD5 | 48335bc05a4fa63fa055167295ec71d2
PayPal Bill Later Mail Encoding Cross Site Scripting
Posted Sep 30, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

PayPal's Bill Later finance marketing site suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 217d06d4cc71fa423adbd02515035c93
WordPress All In One Security And Firewall 3.8.3 XSS
Posted Sep 30, 2014
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

WordPress All In One Security and Firewall plugin version 3.8.3 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 81b16d9d97a2f3d29f85bdadfc1b8471
WordPress Refraction Theme XSS / Content Spoofing / Path Disclosure
Posted Sep 30, 2014
Authored by MustLive

WordPress Refraction theme suffers from cross site scripting, path disclosure, and content spoofing vulnerabilities.

tags | exploit, spoof, vulnerability, xss, info disclosure
MD5 | 73028b597e6d128de88486c10fd3cb86
Moab Insecure Message Signing Authentication Bypass
Posted Sep 30, 2014
Authored by Luke Jennings, John Fitzpatrick

Moab suffers from an insecure message signing authentication bypass vulnerability. All versions up to 8 can be affected depending on the configuration.

tags | exploit, bypass
advisories | CVE-2014-5376
MD5 | 2e16b32d63612f6f95c59d77b259644c
Moab User Impersonation
Posted Sep 30, 2014
Authored by John Fitzpatrick

Moab versions prior to 7.2.9 and 8 suffer from a user impersonation vulnerability.

tags | exploit
advisories | CVE-2014-5375
MD5 | 99ccfde4a6ae090028b013791b0e6a8f
Moab Dynamic Configuration Authentication Bypass
Posted Sep 30, 2014
Authored by John Fitzpatrick

Moab versions prior to 7.2.9 and 8 suffer from a dynamic reconfiguration authentication bypass issue that allows for remote code execution.

tags | exploit, remote, code execution, bypass
advisories | CVE-2014-5300
MD5 | f79a6145682714490c4cdccc40200b92
IPFire 2.15 Bash Command Injection
Posted Sep 30, 2014
Authored by Claudio Viviani

IPFire versions 2.15 and below core 82 authenticated CGI remote command injection exploit that leverages the bash vulnerability.

tags | exploit, remote, cgi, bash
advisories | CVE-2014-6271
MD5 | e2a2ccabb016bafab88591a66884fb3a
HP Network Node Manager I PMD Buffer Overflow
Posted Sep 30, 2014
Authored by juan vazquez, d(-_-)b | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stack_option packets with user-controlled data. In order to bypass ASLR, this module uses a proto_tbl packet to leak a libov pointer from the stack and finally builds the ROP chain to avoid NX.

tags | exploit, overflow
advisories | CVE-2014-2624
MD5 | a8a2a76607a70daeb0d23f9e78b13e70
Bacula-web 5.2.10 SQL Injection
Posted Sep 29, 2014
Authored by wishnusakti

Bacula-web version 5.2.10 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | aba83d17730816d3afd9a423dcf39fa4
ManageEngine OpManager / Social IT Arbitrary File Upload
Posted Sep 29, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.

tags | exploit, file upload
systems | linux, windows
advisories | CVE-2014-6034
MD5 | 3ac0a97ee0f4513ac71569d9742530b6
ManageEngine Code Execution / File Deletion
Posted Sep 29, 2014
Authored by Pedro Ribeiro

ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, file inclusion
advisories | CVE-2014-6034, CVE-2014-6035, CVE-2014-6036
MD5 | c2f10bd10aa41959bbf908e92f8797f5
AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling
Posted Sep 29, 2014
Authored by indoushka

AllMyGuests version 0.4.1 suffers from bypass via malformed cookies, remote SQL injection, and cross site scripting vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 0e91409675aa251b721ca5330cf6ec2e
WordPress Users Ultra 1.3.37 SQL Injection
Posted Sep 29, 2014
Authored by XroGuE

WordPress Users Ultra plugin version 1.3.37 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
MD5 | 7156cf41114759b3f6497b18c9a8eda3
Internet Explorer 8 Fixed Col Span ID Full ASLR, DEP, And EMET 5.0 Bypass
Posted Sep 29, 2014
Authored by sickness, ryujin

Internet Explorer 8 fixed col span ID full ASLR, DEP, and EMET 5.0 bypass exploit that leverages the issue outlined in MS12-037.

tags | exploit, bypass
advisories | CVE-2012-1876
MD5 | 7d28f375517fbc935fe27864665a6455
GNU Bash 4.3 Command Injection
Posted Sep 29, 2014
Authored by Juan Sacco

ExploitPack GNU Bash versions 4.3 and below command injection exploit that leverages the User-Agent header against a given website.

tags | exploit, bash
advisories | CVE-2014-6271
MD5 | 0ecea14d4d4acb00d92ab4a37560803b
Outlook Web App (OWA) / Client Access Server (CAS) IIS HTTP Internal IP Disclosure
Posted Sep 29, 2014
Authored by Nate Power | Site metasploit.com

This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.

tags | exploit, web, info disclosure
MD5 | eafa43771f313779174c92917d0efc66
Dhclient Bash Environment Variable Injection
Posted Sep 27, 2014
Authored by egypt, Stephane Chazelas | Site metasploit.com

When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or hostname, they are passed to configuration scripts as environment variables, allowing us to trigger the bash bug. Because of the length restrictions and unusual networking scenario at time of exploitation, this Metasploit module achieves code execution by echoing our payload into /etc/crontab and cleans it up when we get a shell.

tags | exploit, shell, code execution, bash
advisories | CVE-2014-6271
MD5 | 3906040148097bfee9fc17f307249281
Exinda WAN Optimization Suite 7.0.0 CSRF / XSS
Posted Sep 27, 2014
Authored by William Costa

Exinda WAN Optimization Suite version 7.0.0 (2160) suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2014-7157, CVE-2014-7158
MD5 | 1411d0fd750fb4d961f6c80e3b6360c5
Openfiler 2.99.1 Denial Of Service
Posted Sep 27, 2014
Authored by Dolev Farhi

Openfiler version 2.99.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2014-7190
MD5 | 2ca55a7c25f4af0bd92ffea3030db72a
Comersus Sophisticated Cart Database Disclosure
Posted Sep 27, 2014
Authored by indoushka

Comersus Sophisticated Cart suffers from a database disclosure vulnerability.

tags | exploit, info disclosure
MD5 | d4f9f225f04d8fbc08e8b801376105a3
Oscommerce 2.3.4 XSS / HPP / File Inclusion
Posted Sep 27, 2014
Authored by indoushka

Oscommerce version 2.3.4 suffers from cross site scripting, HTTP parameter pollution, and local file inclusion vulnerabilities.

tags | exploit, web, local, vulnerability, xss, file inclusion
MD5 | c5d7d61c26578bae90881c31217dc5ce
NDBLOG 0.1 Cross Site Scripting / SQL Injection
Posted Sep 27, 2014
Authored by indoushka

NDBLOG version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 05e1ee90242e8c548600ac8f3215a928