Exploit the possiblities
Showing 1 - 25 of 175 RSS Feed

Files

Packet Storm New Exploits For April, 2015
Posted May 1, 2015
Authored by Todd J. | Site packetstormsecurity.com

This archive contains 174 exploits that were added to Packet Storm in April, 2015.

tags | exploit
systems | linux
MD5 | 5744c0a65d8ae04b94163d82b585781c
TestDisk 6.14 Check_OS2MB Stack Buffer Overflow
Posted Apr 30, 2015
Authored by Denis Andzakovic | Site security-assessment.com

This document details a stack based buffer overflow vulnerability within TestDisk version 6.14. A buffer overflow is triggered within the software when a malicious disk image is attempted to be recovered. This may be leveraged by an attacker to crash TestDisk and gain control of program execution. An attacker would have to coerce the victim to run TestDisk against their malicious image.

tags | exploit, overflow
MD5 | 2521c3152c3d6fc2762392cde1c3fcff
SevDesk 1.1 Persistent Script Insertion
Posted Apr 30, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SevDesk version 1.1 suffers from a persistent script insertion vulnerability in the application dashboard.

tags | exploit
MD5 | 09197f21ea718b8bf47d21e9d1933056
Foxit Reader 7.1.3.320 Memory Corruption
Posted Apr 29, 2015
Authored by Francis Provencher

Foxit Reader versions 7.1.3.320 and below suffer from a pdf parsing memory corruption vulnerability.

tags | exploit
systems | linux
MD5 | 1af48838dac7fbc9bebf3ace9a05d41e
OS Solution OSProperty 2.8.0 SQL Injection
Posted Apr 29, 2015
Authored by Brandon Perry

OS Solution OSProperty version 2.8.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4c15ec7cbcbae7ab163d547d32c2e885
Ninja 0.1.3 Race Condition
Posted Apr 29, 2015
Authored by Ben Sheppard

Ninja privilege escalation detection and prevention system version 0.1.3 suffers from a race condition vulnerability.

tags | exploit
MD5 | 57487581b06892f5097c7cd3e8ac91a8
WordPress TheCartPress 1.3.9 XSS / Local File Inclusion
Posted Apr 29, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress TheCartPress plugin version 1.3.9 suffers from local file inclusion, improper access control, and cross site scripting vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
advisories | CVE-2015-3300, CVE-2015-3301, CVE-2015-3302
MD5 | 3acb628ebbb13834d60aadd0dc84e2a6
PHP Exception Type Confusion / Heap Overflow
Posted Apr 29, 2015
Authored by Taoguang Chen

A type confusion vulnerability was discovered in exception object's __toString()/getTraceAsString() method that can be abused for leaking arbitrary memory blocks or heap overflow.

tags | exploit, overflow, arbitrary
MD5 | 8afe590264b8c1583445b8633990ca08
PHP SoapFault Type Confusion
Posted Apr 29, 2015
Authored by Taoguang Chen

A type confusion vulnerability was discovered in unserialize() with SoapFault object's __toString() magic method that can be abused for leaking arbitrary memory blocks.

tags | exploit, arbitrary
MD5 | 43a3a21f04943d792c09aff693570595
Wing FTP Server Admin 4.4.5 CSRF / Cross Site Scripting
Posted Apr 28, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Wing FTP Server Admin version 4.4.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 17198b67bf04123bd49be9fc5a91bacb
Libarchive Malformed cpio Archive Crash
Posted Apr 28, 2015
Authored by Project Zero Labs, Paris Zoumpouloglou

Using a crafted tar file bsdtar can perform an out-of-bounds memory read which will lead to a SEGFAULT. The issue exists when the executable skips data in the archive. The amount of data to skip is defined in byte offset [16-19]. If ASLR is disabled, the issue can lead to high CPU load, and potential CPU exhaustion in single-core hosts.

tags | exploit, denial of service
systems | linux
MD5 | 202494b3df158caf728e2f3def35a83c
Untangle Cross Site Scripting / Information Disclosure
Posted Apr 28, 2015
Authored by Calum Hutton

Untangle NGFW versions 9 through 11 suffer from a cross site scripting vulnerability that can allow for remote code execution as root. They also suffer from an information disclosure vulnerability. This is a follow up discussing additional attack vectors not previously disclosed in the prior advisory.

tags | exploit, remote, root, code execution, xss, info disclosure
MD5 | eb4e53cef7fdf997f36e0a08806fb4c2
PayPal JDWP Remote Code Execution
Posted Apr 28, 2015
Authored by Milan A Solanki | Site vulnerability-lab.com

PayPal's Marketing web service suffered from a remote code execution vulnerability due to running a JDWP server.

tags | exploit, remote, web, code execution
MD5 | 0df30ada655f6262ffa2093c6145240f
SonicWall SonicOS 7.5.0.12 / 6.x Cross Site Scripting
Posted Apr 28, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

SonicWall SonicOS versions 7.5.0.12 and 6.x suffer from a client-side cross site scripting vulnerability.

tags | exploit, xss
MD5 | e70b188fea42dfb0e5bd539ddae7e318
InFocus IN3128HD Projector Missing Authentication
Posted Apr 28, 2015
Authored by Core Security Technologies, Joaquin Rodriguez Varela | Site coresecurity.com

Core Security Technologies Advisory - The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable.

tags | exploit, web, cgi
advisories | CVE-2014-8383, CVE-2014-8384
MD5 | e263ea03f930df38de1f6bc467a26735
ProjectSend r561 CSRF / XSS / Shell Upload
Posted Apr 28, 2015
Authored by TUNISIAN CYBER

ProjectSend version r561 suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, csrf
MD5 | 1bd909727e65c9b2220c4b4786060ff9
WordPress Exquisite Ultimate Newspaper 1.3.3 Cross Site Scripting
Posted Apr 28, 2015
Authored by Osama Mahmood

WordPress Exquisite Ultimate Newspaper theme version 1.3.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 96783ec388e2a7ce632feecb9cfbd926
WordPress 4.2 Cross Site Scripting
Posted Apr 27, 2015
Authored by Jouko Pynnonen | Site klikki.fi

WordPress version 4.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 27519b865c9c00195a89fd8e9072caba
UniPDF 1.2 Buffer Overflow
Posted Apr 27, 2015
Authored by Avinash Kumar Thapa

UniPDF version 1.2 buffer overflow SEH overwrite denial of service proof of concept exploit.

tags | exploit, denial of service, overflow, proof of concept
MD5 | 9274e44ab931e12b78e8a88e2c4299b3
MiniUPnPd 1.0 Stack Overflow
Posted Apr 27, 2015
Authored by Onur Alanbel

MiniUPnPd version 1.0 stack overflow remote code execution exploit for AirTies RT Series. Provides a reverse shell.

tags | exploit, remote, overflow, shell, code execution
advisories | CVE-2013-0230
MD5 | 09e159e8ed358e48a1ade244adad715e
OTRS 3.x Cross Site Scripting
Posted Apr 27, 2015
Authored by Adam Ziaja

OTRS versions 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-1695
MD5 | a9df1e7295e3755e2687b8adc789ba0f
VideoSpirit Pro 1.91 Buffer Overflow
Posted Apr 27, 2015
Authored by evil_comrade

VideoSpirit Pro version 1.91 buffer overflow with SEH bypass exploit.

tags | exploit, overflow
MD5 | ecb97d950c0f0ff8d426a10645623e0e
Legend Perl IRC Bot Remote Code Execution
Posted Apr 27, 2015
Authored by Jay Turla

Simple proof of concept tool to leverage remote code execution on the Legend perl IRC bot.

tags | exploit, remote, perl, code execution, proof of concept
MD5 | 3b15b371ee3f1b458ce633d12ca2c3cb
WordPress WooCommerce Amazon Affiliates 7.0 Shell Upload / File Disclosure
Posted Apr 26, 2015
Authored by Evex

WordPress WooCommerce Amazon Affiliates plugin version 7.0 suffers from file disclosure and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, info disclosure
MD5 | 2044037e38852e4d4550e8ac2ed830f0
WordPress WPshop eCommerce 1.3.9.5 Shell Upload
Posted Apr 24, 2015
Authored by g0blin | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress WPshop eCommerce plugin versions 1.3.3.3 to 1.3.9.5. It allows you to upload arbitrary PHP code and get remote code execution. This Metasploit module has been tested successfully on WordPress WPshop eCommerce 1.3.9.5 with WordPress 4.1.3 on Ubuntu 14.04 Server.

tags | exploit, remote, arbitrary, php, code execution, file upload
systems | linux, ubuntu
MD5 | 47f05fc1fec0514454d17074ff974ce7
Page 1 of 7
Back12345Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
NYPD Cops Need A Warrant To Snoop On Your Phone
Posted Nov 17, 2017

tags | headline, government, privacy, usa, phone
Oracle Scrambles To Fix Security Flaws In Tuxedo
Posted Nov 17, 2017

tags | headline, database, flaw, oracle
Github To Devs: Now You'll Get Security Alerts On Flaws In Popular Software Libraries
Posted Nov 17, 2017

tags | headline, flaw
Keystone Pipeline Leaked 210,000 Gallons Of Oil In South Dakota
Posted Nov 17, 2017

tags | headline, flaw
Cash Converters Reveals Data Breach
Posted Nov 16, 2017

tags | headline, hacker, cybercrime, data loss, fraud, identity theft
Kaspersky Defends Its Role In NSA Breach
Posted Nov 16, 2017

tags | headline, government, malware, usa, russia, data loss, spyware, nsa
McAfee Anti-Hacking Service Exposed Users To Banking Malware
Posted Nov 16, 2017

tags | headline, malware, bank, cybercrime, fraud, flaw, identity theft, mcafee
DJI Bug Bounty NDA Is 'Not Signable', Say Irate Infosec Researchers
Posted Nov 16, 2017

tags | headline, hacker, flaw
Government Just Figures Out You Can Hack Planes Remotely Due To Poor Design
Posted Nov 15, 2017

tags | headline, government, usa, flaw, terror
UK Security Chief Blames Russia For Hacks
Posted Nov 15, 2017

tags | headline, hacker, government, britain, russia, cyberwar
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close