This archive contains all of the 158 exploits added to Packet Storm in September, 2014.
81e439aa508cca46d13331ea18cff9058479738a2b374e9b407aadaf61ac213e
Adobe Flash version 14.0.0.145 copyPixelsToByteArray() heap overflow proof of concept exploit.
166a57b3405bb750c323b5344a65f63fcd9ab165a71edf5188ec594b3a88fa98
PayPal's Service Manager allows for malicious script insertion into emails.
32c3aa2d32434412f3ba18de975e91934321b06699145ab95fd13bb62b1133cf
PayPal's Bill Later finance marketing site suffered from a cross site scripting vulnerability.
2b0d6091a34a9d8ef2eac452a58ceb133de6b66079bc93dab4ae7d302dbdb150
WordPress All In One Security and Firewall plugin version 3.8.3 suffers from multiple cross site scripting vulnerabilities.
db783d9eb3082219bd9f83769b870c5ad53985269cc356b78213878cfeeb2f14
WordPress Refraction theme suffers from cross site scripting, path disclosure, and content spoofing vulnerabilities.
c816398f2c96c3e445f7ab98c1fcf691ac315402025d625f6886a12e52cce0b7
Moab suffers from an insecure message signing authentication bypass vulnerability. All versions up to 8 can be affected depending on the configuration.
85a019a8c4de29f5f84586a14f07c354e859db1b6a19ccec9cbb5d70e45cbcea
Moab versions prior to 7.2.9 and 8 suffer from a user impersonation vulnerability.
06269ab2431aa1292e9d181643ace50442b15f7c22b2ca8e0be470c5e444f592
Moab versions prior to 7.2.9 and 8 suffer from a dynamic reconfiguration authentication bypass issue that allows for remote code execution.
1d947c3d312bda1ccebc5c7622d54bcdfee0aa44575fcd3b9fa4410d0c6e6878
IPFire versions 2.15 and below core 82 authenticated CGI remote command injection exploit that leverages the bash vulnerability.
012683f158b1fbd6670d51a9c56bc769954678884f249efc8a122651350705c8
This Metasploit module exploits a stack buffer overflow in HP Network Node Manager I (NNMi). The vulnerability exists in the pmd service, due to the insecure usage of functions like strcpy and strcat while handling stack_option packets with user controlled data. In order to bypass ASLR, this module uses a proto_tbl packet to leak a libov pointer from the stack and finally builds the ROP chain to avoid NX.
ed8dcf6077fc962dee63928b9374f08f765d9613b6097985fa09b44f33f8d338
Bacula-web version 5.2.10 suffers from a remote SQL injection vulnerability.
8521ccbd84f8d2b97a8e8662f43056c2baefd4521bdf1a0434f2258ddfd95c17
This Metasploit module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.
e9c53edc4a81c1f18958ddfa8f5eddf60866488e72784884428750e9a058b73b
ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities.
375e267357239b52901647072b3a0b930fa59bec9185067e661bf2bcb84fcf70
AllMyGuests version 0.4.1 suffers from bypass via malformed cookies, remote SQL injection, and cross site scripting vulnerabilities.
f47761659053ee4c4dd3cdb085e36ec23e26920bfc02e9ec2dd44de4b627b3c5
WordPress Users Ultra plugin version 1.3.37 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
83da12e41fe8a52bf90f4d659a6a4eb3c4147e951cc5121e09d3c3df702d14ea
Internet Explorer 8 fixed col span ID full ASLR, DEP, and EMET 5.0 bypass exploit that leverages the issue outlined in MS12-037.
876b8cd7e67c79c669947885b557203c13c38a1e58f07a2be3d86ba1ee061f95
ExploitPack GNU Bash versions 4.3 and below command injection exploit that leverages the User-Agent header against a given website.
142c835b75cbe04a6ca350ec7bb8fea228669c18def84dd5d24a93513e005852
This Metasploit module tests vulnerable IIS HTTP header file paths on Microsoft Exchange OWA 2003, CAS 2007, 2010, 2013 servers.
9b7a26362762262f505e7f02227cb75f7b373f2560a109697a283d98dbb104e4
When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or hostname, they are passed to configuration scripts as environment variables, allowing us to trigger the bash bug. Because of the length restrictions and unusual networking scenario at time of exploitation, this Metasploit module achieves code execution by echoing our payload into /etc/crontab and cleans it up when we get a shell.
5d7d7b3c51f3ee9f6de8df21a01a41ce128a74b5cdd4be3f7d65a7357f36ed1e
Exinda WAN Optimization Suite version 7.0.0 (2160) suffers from cross site request forgery and cross site scripting vulnerabilities.
83a1c7b092131f1cef204e879001c5cba65704e647207c15e65081dd1833f4a3
Openfiler version 2.99.1 suffers from a denial of service vulnerability.
77276520dc721a9252188a8e714c3de354590e5c280083c46c4ff2b5c0c6fc20
Comersus Sophisticated Cart suffers from a database disclosure vulnerability.
25c2756e45e2fc406368fc0f33725428c30b6538434bd0559dfd5ca5cbeddc61
osCommerce version 2.3.4 suffers from cross site scripting, HTTP parameter pollution, and local file inclusion vulnerabilities.
8d1dd2e6442e15ac36b712ca7250cbff8a6c970b84e1efbe78af8cdac497642a
NDBLOG version 0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
dd65952f3824e00cc2a80344ad64d4d621e1ec5e3aa4745efa0abfdc2cc09023