
Files

Packet Storm New Exploits For February, 2015
Posted Mar 2, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 146 exploits added to Packet Storm in February, 2015.

tags | exploit
systems | linux
MD5 | 7f4efc02a8478f987315981ae643b094
Loxone Smart Home CSRF / XSS / DoS / Credential Leakage
Posted Feb 28, 2015
Authored by Daniel Schwarz | Site sec-consult.com

Loxone Smart Home versions prior to 6.3 suffer from cross site request forgery, cross site scripting, poor credential handling, unencrypted transport, denial of service, and various other vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, csrf
MD5 | 1eca007870c808350891d18c9a87ae8a
HelpDezk 1.0.1 Shell Upload / Code Execution / Disclosure
Posted Feb 28, 2015
Authored by Dennis Veninga

HelpDezk version 1.0.1 suffers from remote shell upload, code execution, and information disclosure vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, info disclosure, file upload
MD5 | 77c30ff2b3e3366120f5ffcc34175fe4
Tcl 1.16 Cross Site Scripting
Posted Feb 27, 2015
Authored by Ben Fuhrmannek

Tcl versions 1.0.0 through 1.16 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b45b1a12b367ac80e8483e2a6a010cee
WordPress Media Cleaner 2.2.6 Cross Site Scripting
Posted Feb 27, 2015
Authored by Ismail Saygili

WordPress Media Cleaner plugin version 2.2.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 27b91f8024f9b8854a18bbd1c46a9b43
Electronic Arts Origin Client 9.5.5 Privilege Escalation
Posted Feb 27, 2015
Authored by LiquidWorm | Site zeroscience.mk

Electronic Arts Origin Client version 9.5.5 suffers from multiple privilege escalation vulnerabilities.

tags | exploit, vulnerability
MD5 | bfba5993bc16a2002cd2e30a77a99518
Jetty 9.2.8 Shared Buffer Leakage
Posted Feb 27, 2015
Authored by Stephen Komal, Gotham Digital Science

Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected. Proof of concept code included.

tags | exploit, remote, web, arbitrary, proof of concept, info disclosure
advisories | CVE-2015-2080
MD5 | c61f9be0240289b47c5323b41d606933
Wireless File Transfer Pro Android Cross Site Request Forgery
Posted Feb 27, 2015
Authored by Hadji Samir | Site vulnerability-lab.com

Wireless File Transfer Pro Android suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 000a5b4b921b8883bfb50ba4d38ddfb1
Data Source: Scopus CMS SQL Injection
Posted Feb 27, 2015
Authored by P0!s0nC0d3 | Site vulnerability-lab.com

Data Source: Scopus CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d343d99d13bbc91801ab4660f8f62a07
DSS TFTP 1.0 Path Traversal
Posted Feb 27, 2015
Authored by lucyoa | Site vulnerability-lab.com

DSS TFTP version 1.0 suffers from a path traversal vulnerability.

tags | exploit
MD5 | 576a30aeeb555d05cea797261d7c1462
D-Link / TRENDnet ncc2 CSRF / Unauthenticated Access
Posted Feb 27, 2015
Authored by Peter Adkins

Multiple D-Link and TRENDnet devices suffer from cross site request forgery and unauthenticated access vulnerabilities. Various proofs of concept included.

tags | exploit, vulnerability, proof of concept, csrf
MD5 | 81d882c48de34b97c98609a5658d4695
Collabtive 2.0 Cross Site Scripting
Posted Feb 27, 2015
Authored by Provensec

Collabtive version 2.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | bd715d01ca7028390da81bc5e2fde991
Akeneo PIM Cross Site Scripting
Posted Feb 27, 2015
Authored by Provensec

Akeneo PIM suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 773f686014273ce4b42e5c893e2794b7
eFront Learning 3.6.11 Cross Site Scripting
Posted Feb 27, 2015
Authored by Provensec

eFront Learning version 3.6.11 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 0393af4fc6785949849ca3d737b61ab0
TangoBB 1.5.0-A3 Cross Site Scripting
Posted Feb 26, 2015
Authored by Dennis Veninga

TangoBB version 1.5.0-A3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4d13ad6178f50e593beebc36f19fa18b
Enano CMS 1.1.8pl1 Cross Site Scripting
Posted Feb 26, 2015
Authored by Dennis Veninga

Enano CMS version 1.1.8pl1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 539d2c273daaded546415cf1f393b241
Cisco Ironport AsyncOS Cross Site Scripting
Posted Feb 25, 2015
Authored by Glafkos Charalambous

Cisco Ironport AsyncOS suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | cisco
advisories | CVE-2013-6780
MD5 | 4c0bad7bf4b2320ee31c8e1ed00b6ee5
Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation
Posted Feb 25, 2015
Authored by LiquidWorm | Site zeroscience.mk

Uplay for PC suffers from an elevation of privileges vulnerability which can be used by a simple user who can replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full) for the 'Users' group, making the entire directory 'Ubisoft Game Launcher' and its files and sub-dirs world-writable.

tags | exploit
MD5 | 1824ce0969f550927ece68359aa4496e
Cisco Ironport AsyncOS HTTP Header Injection
Posted Feb 25, 2015
Authored by Glafkos Charalambous

Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.

tags | exploit, web
systems | cisco
advisories | CVE-2015-0624
MD5 | efc1e99a99ec5130712e73f124c95960
SAP Business Objects Unauthorized File Repository Server Write
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2074
MD5 | 6400ea3dc6719c9c7853f0bb6fe9e15e
SAP Business Objects Unauthorized File Repository Server Read
Posted Feb 25, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.

tags | exploit
advisories | CVE-2015-2073
MD5 | 87b279e3bf1dadae088a0315669fd7f5
SEO Toaster E-Commerce 2.2.0 Cross Site Scripting
Posted Feb 25, 2015
Authored by Ankit Bharathan

SEO Toaster E-Commerce version 2.2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | f97bf280c4adf692c9308d01e0231617
Webgate Buffer Overflow
Posted Feb 24, 2015
Authored by Praveen Darshanam

Various Webgate technologies suffer from multiple buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
MD5 | d7f1d508c1e75c1afd6aef2d60782593
EVO-CMS 2.1.0 Cross Site Request Forgery
Posted Feb 24, 2015
Authored by Provensec

EVO-CMS version 2.1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 8ff1382fce326f1eca85ff1db2d2bda8
WordPress Holding Pattern Theme Arbitrary File Upload
Posted Feb 24, 2015
Authored by Alexander Borg | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.

tags | exploit, web, php, file upload
advisories | CVE-2015-1172
MD5 | d1b66d38da77d884c66e007db4bb02d9