This archive contains all of the 161 exploits added to Packet Storm in October, 2014.
d3984571a8227f9e7d13a88d6671d74cea13cecb585d4ce11eaa50e2afdfa3a3This Metasploit module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary commands under root privileges.
f0660a3d09fcdb1e977b7a2ed03e9bcc85467482907cf22be2c2ec5a6986def7The software encryption tool McAfee Endpoint Encryption for Removable Media (EERM) which is part of the data protection software McAfee Endpoint Encryption for Files and Folders (EEFF) uses a static and thus predictable salt for generating password hashes using the password-based key derivation function 2 (PBKDF2). Due to the use of a predictable, hard-coded salt, it is possible for an attacker to precompute password candidates and thus to perform more efficient dictionary attacks against the password-based authentication with the use of rainbow tables (time-memory trade-off).
8261951c34c305270d9eea3e7893a1426d99695fcb894956108ffdb81005bff3HumHub Modules Mail version 0.5.8 suffers from a cross site scripting vulnerability.
5d486d924cef38f35b58c66507a77a11c4516b8ab01de348c10b1725d2d00229F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability.
68d4f354b0d973cf37f4ea4987f8d6b16ad23d812b2d609f87994cab3ec9a0c3F5 Big-IP version 11.3.0.39.0 suffers from an XML external entity injection vulnerability.
b2997932445d2a972bb7e72050b35577867bb098ef687555d229fed16ba3dd20MAARCH version 1.4 suffers from a remote shell upload vulnerability.
b35ea4304093efcc9e1fcb0e0985b4afd39cc7d10320ccf4516e6271d234a661MAARCH version 1.4 suffers from a remote SQL injection vulnerability.
986bd69b947f20c4fb05a048581ad91af57f7d9df664ebd522df005d122ae0b5IBM Tivoli Monitoring version 6.2.2 kbbacf1 privilege escalation exploit.
492217fe528dbe8789eea4ee26e83de69720bc831bcfa5535ca3fc2f9c85359bKonke Smart Plug suffers from an authentication bypass vulnerability.
70a5d770a806bbb0e65c4b4e3d443b57e16608f788d1ace098338f269b0cfc24EspoCRM version 2.5.2 suffers from cross site scripting, local file inclusion, and improper access control vulnerabilities.
e33c9615c15deaf2aa5c5430c759697723b1f421e626c0389de5967685e1929aConfluence RefinedWiki Original Theme versions 3.x through 4.0.x suffer from a persistent cross site scripting vulnerability.
f917e1fa23a7e5c921a521ba75b0eacfb0097970bf2bf78cc985cbf2ace18001Joomla RD Download component suffers from a remote SQL injection vulnerability.
f9d63dd2aa36dce348509d77140267a331a149cfa6a084b1c13b9c8fc1a423a9Nuevolabs Nuevoplayer for Clipshare suffer from privilege escalation and remote SQL injection vulnerabilities.
6c44c70bde9d3e5c36c90b6ce3442b7c08e038b7b9f03afecb1fc03ded77a914This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.
5a376a0f4e8be0b42906123abc72f100a271655c6310963fc913fc7504861155Enalean Tuleap versions 7.4.99.5 and below suffer from a remote command execution vulnerability.
86da9fb1bc835abec483555c432a4f2fdad5fb95976c56ab4f5e4085ea8b5631Enalean Tuleap versions 7.2 and below suffer from an external XML entity injection vulnerability.
ab8a77cc2eda457cf59f902478e2f9d728886f29aedb8161746791a3af1fefc2Enalean Tuleap versions 7.4.99.5 and below suffer from a remote, authenticated blind SQL injection vulnerability.
17e714a5c82970fcf9eb3939bc1da2a02d460e307f429a094407a26d9a63ff06Mini-stream RM-MP3 Converter version 3.1.2.1.2010.03.30 suffers from a buffer overflow vulnerability when handling .wax files.
302e7e5408a62bb0b8fa71f8365379786080916a1802f9c4f860e232d900c7e6ESTsoft ALUpdate version 8.5.1.0.0 suffers from a privilege escalation vulnerability.
2ac6441238ee7b081bebbe85cb5cc78a62c50c26bd6433f839deaadbcc8214cdThis Metasploit module exploits a NULL Pointer Dereference in win32k.sys, the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This Metasploit module has been tested successfully on Windows XP SP3, Windows 2003 SP2, Windows 7 SP1 and Windows 2008 32bits. Also on Windows 7 SP1 and Windows 2008 R2 SP1 64 bits.
41b7d988b197d4b07886ef236a76dda4482ef1d09d5d87eb2dbc440af8850897The CBN CH6640E/CG6640E wireless gateway series suffers from information disclosure, cross site request forgery, cross site scripting, and denial of service vulnerabilities.
2abfa7dcae36453b2de188ce94ee87d4e58078ce17f31bccfdccebada77aaca9Google Youtube suffered from filter bypass and persistent cross site scripting vulnerabilities.
d770de406168763951c7b1e69b163ca364a37b4375bbbcfe787d71ddb976530cFolder Plus version 2.5.1 suffers from a persistent script insertion vulnerability.
0d9379de014d59042085eb77716f79a35a01f81b490dc13cb07661d80dbf7b3eApple iOS version 8.0.2 suffers from a contact handling denial of service vulnerability.
a1a84f101f4184e559d71e0e1a38073ae08ce39f378f361a1febf0391522fef5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed