This archive contains all of the 161 exploits added to Packet Storm in October, 2014.
d3984571a8227f9e7d13a88d6671d74cea13cecb585d4ce11eaa50e2afdfa3a3
This Metasploit module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary commands under root privileges.
f0660a3d09fcdb1e977b7a2ed03e9bcc85467482907cf22be2c2ec5a6986def7
McAfee Endpoint Encryption for Removable Media (EERM), the software encryption tool that is part of the data protection software McAfee Endpoint Encryption for Files and Folders (EEFF), uses a static and thus predictable salt when generating password hashes with the password-based key derivation function 2 (PBKDF2). Because the salt is predictable and hard-coded, an attacker can precompute password candidates and use rainbow tables (a time-memory trade-off) to perform more efficient dictionary attacks against the password-based authentication.
8261951c34c305270d9eea3e7893a1426d99695fcb894956108ffdb81005bff3
HumHub Modules Mail version 0.5.8 suffers from a cross site scripting vulnerability.
5d486d924cef38f35b58c66507a77a11c4516b8ab01de348c10b1725d2d00229
F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability.
68d4f354b0d973cf37f4ea4987f8d6b16ad23d812b2d609f87994cab3ec9a0c3
F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability.
b2997932445d2a972bb7e72050b35577867bb098ef687555d229fed16ba3dd20
MAARCH version 1.4 suffers from a remote shell upload vulnerability.
b35ea4304093efcc9e1fcb0e0985b4afd39cc7d10320ccf4516e6271d234a661
MAARCH version 1.4 suffers from a remote SQL injection vulnerability.
986bd69b947f20c4fb05a048581ad91af57f7d9df664ebd522df005d122ae0b5
IBM Tivoli Monitoring version 6.2.2 kbbacf1 privilege escalation exploit.
492217fe528dbe8789eea4ee26e83de69720bc831bcfa5535ca3fc2f9c85359b
Konke Smart Plug suffers from an authentication bypass vulnerability.
70a5d770a806bbb0e65c4b4e3d443b57e16608f788d1ace098338f269b0cfc24
EspoCRM version 2.5.2 suffers from cross site scripting, local file inclusion, and improper access control vulnerabilities.
e33c9615c15deaf2aa5c5430c759697723b1f421e626c0389de5967685e1929a
Confluence RefinedWiki Original Theme versions 3.x through 4.0.x suffer from a persistent cross site scripting vulnerability.
f917e1fa23a7e5c921a521ba75b0eacfb0097970bf2bf78cc985cbf2ace18001
Joomla RD Download component suffers from a remote SQL injection vulnerability.
f9d63dd2aa36dce348509d77140267a331a149cfa6a084b1c13b9c8fc1a423a9
Nuevolabs Nuevoplayer for Clipshare suffers from privilege escalation and remote SQL injection vulnerabilities.
6c44c70bde9d3e5c36c90b6ce3442b7c08e038b7b9f03afecb1fc03ded77a914
This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.
5a376a0f4e8be0b42906123abc72f100a271655c6310963fc913fc7504861155
Enalean Tuleap versions 7.4.99.5 and below suffer from a remote command execution vulnerability.
86da9fb1bc835abec483555c432a4f2fdad5fb95976c56ab4f5e4085ea8b5631
Enalean Tuleap versions 7.2 and below suffer from an external XML entity injection vulnerability.
ab8a77cc2eda457cf59f902478e2f9d728886f29aedb8161746791a3af1fefc2
Enalean Tuleap versions 7.4.99.5 and below suffer from a remote, authenticated blind SQL injection vulnerability.
17e714a5c82970fcf9eb3939bc1da2a02d460e307f429a094407a26d9a63ff06
Mini-stream RM-MP3 Converter version 3.1.2.1.2010.03.30 suffers from a buffer overflow vulnerability when handling .wax files.
302e7e5408a62bb0b8fa71f8365379786080916a1802f9c4f860e232d900c7e6
ESTsoft ALUpdate version 8.5.1.0.0 suffers from a privilege escalation vulnerability.
2ac6441238ee7b081bebbe85cb5cc78a62c50c26bd6433f839deaadbcc8214cd
This Metasploit module exploits a NULL pointer dereference in win32k.sys. The vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This Metasploit module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008 (32-bit), and on Windows 7 SP1 and Windows 2008 R2 SP1 (64-bit).
41b7d988b197d4b07886ef236a76dda4482ef1d09d5d87eb2dbc440af8850897
The CBN CH6640E/CG6640E wireless gateway series suffers from information disclosure, cross site request forgery, cross site scripting, and denial of service vulnerabilities.
2abfa7dcae36453b2de188ce94ee87d4e58078ce17f31bccfdccebada77aaca9
Google YouTube suffered from filter bypass and persistent cross site scripting vulnerabilities.
d770de406168763951c7b1e69b163ca364a37b4375bbbcfe787d71ddb976530c
Folder Plus version 2.5.1 suffers from a persistent script insertion vulnerability.
0d9379de014d59042085eb77716f79a35a01f81b490dc13cb07661d80dbf7b3e
Apple iOS version 8.0.2 suffers from a contact handling denial of service vulnerability.
a1a84f101f4184e559d71e0e1a38073ae08ce39f378f361a1febf0391522fef5