This archive contains 224 exploits that were added to Packet Storm in March, 2015.
ff2d4f6a5e0d36e7a400694be6896782332b861bb542ff96067e295fc65f2246This Metasploit module exploits an use after free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, who can fill the memory and notify the main thread to corrupt the new contents. This Metasploit module has been tested successfully on Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.296.
bb349a822c1cc70d4d8f5f21a7eac4a134384b42aa63d3ce02ebae6b666c8b6aThis Metasploit module will login with the specified username/password and execute the supplied command as a hidden process. Output is not returned by default. Unless targetting a local user either set the DOMAIN, or specify a UPN user format (e.g. user@domain). This uses the CreateProcessWithLogonW WinAPI function. A custom command line can be sent instead of uploading an executable. APPLICAITON_NAME and COMMAND_LINE are passed to lpApplicationName and lpCommandLine respectively. See the MSDN documentation for how these two values interact.
9708939c73c492103ede2da0dee3008422e7c17f9e1ed2961f1a52f94e096c31This code exploits a common misconfiguration in JBoss Application Server. Whenever the JMX Invoker is exposed with the default configuration, a malicious "MarshalledInvocation" serialized Java object allows to execute arbitrary code. This exploit works even if the "Web-Console" and the "JMX Console" are protected or disabled.
2f89a911033600e43c401de947c053ee9c90b4063ccb92f8ff41a305ec2aa1aaPalo Alto Traps Server (formerly Cyvera Endpoint Protection) version 3.1.2.1546 suffers from a persistent cross site scripting vulnerability.
2a5453f88566d77d7e19e2aff808085c16343d88f9a63b35afd70af9ca9d1ff8Fedora 21 setroubleshootd local root proof of concept exploit.
11547b584c917b7adec234f03ba707e23f8dbd3a90635d158af5ff31b4a7e6b8FiyoCMS version 2.0.1.8 suffers from url bypass, cross site scripting, and remote SQL injection vulnerabilities.
470d9cc24c0c32460aaed00b5873729ab9615222c8ae2e650bff9aa3cc74a162Joomla Gallery WD component suffers from a remote SQL injection vulnerability.
b474d36529f730c41b9a954fc193ce5a1b3d73db25832f3ec198d4787eed5909Joomla Contact Form Maker component version 1.0.1 suffers from a remote SQL injection vulnerability.
c72c33feb4b25c9235eb9d9cbf2368498704c1d5d0f542f88ca3d988ddf92a7cWebDepo CMS suffers from a remote SQL injection vulnerability.
f56f63f5febb8cdd466c97568d2d801a1f2724b2c57e61fbaf91feeeb476dc43ProjectPier version 0.8.8 SP2 suffers from a cross site scripting vulnerability.
8405f0debc4bd59bdf121d4d4769a460a5529cb51ef81d22175d4907a68b8d03HTTrack Website Copier version 3.48-21 suffers from a dll hijacking vulnerability.
5b24d7f3119441e77c5e3e6a20e6015752be4c78cb1e43d2901fe525ffef2574WordPress Aspose Importer and Exporter plugin version 1.0 suffers from an arbitrary file download vulnerability.
8be70304bc73a2fce09d3c01c02b74c8a0d4d802ca303d85456977cb45bd45c8BZR Player version 1.03 suffers from a dll hijacking vulnerability.
0fbb6fd6fe0814d46a51fcecaf7188da9a584d6adcd094845e90931c419be24aUltraISO version 9.6.2.3059 suffers from a dll hijacking vulnerability.
76c71a688dbad49346ec895688927f92c9f86a3655403d3252cbd68166306a0cWordPress Aspose PDF Exporter plugin suffers from an arbitrary file download vulnerability.
1ffd4f7657e572760a2a7a2208b972d910c2e268df6c4f7fc9817750e8daf078WordPress Aspose Doc Exporter plugin suffers from an arbitrary file download vulnerability.
84dfbe2929095980e143d513dd3bd79f51a639dcb3c65727c539b46a251b7be7ZIP Password Recovery Professional version 7.1 suffers from a dll hijacking vulnerability.
4aab9cb58a11f4c6355cf00d3b1ed0d38077aa67527637ae66e038677d2c47c9GoAhead web server versions 3.0.0 through 3.4.1 suffers from heap overflow and directory traversal vulnerabilities.
6fb18dfd80ce463f675f713e9ebec9b8c5a991abc545cf1b1fbf82cc2f64697bAppweb Web Server suffers from a denial of service vulnerability.
e59a4ebe08e7c3f7777a2c603a71d5db8d059f0c0ece77091aadd4aa5da52401WordPress AB Google Map Travel (AB-MAP) plugin version 4.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
dbd0939d53280d5f0c1443437fc3c64a3c5ad487379041dd2756ab5536b86ce4A remote unauthenticated user can change the password of any Manage Engine Desktop Central user with the Administrator role (DCAdmin).
4e564bd659684313462675a23bdcdb7cff6e5368a61d78b38a3ee71428ffb7f0WebGate WinRDS version 2.0.8 suffers from a StopSiteAllChannel stack overflow vulnerability.
7484b0bcf3d1e469356ad299ee2cba7f18f007b4e21729c676d7230e1f1e2a47Internet Download Manager version 6.20 suffers from a local buffer overflow vulnerability.
ea86e49c3a444a60d3b5c98219843360bca802d317a568dcc2c43328eeaa2b0fAfterLogic WebMail Lite allows for an unauthenticated user to set an administrative password.
bf60678dc4156a2c4163e6ba2c9b3dc300a0635313915e2001465b0a83a9262a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed