This archive contains 174 exploits that were added to Packet Storm in April 2015.
67480065aa8abecec85b2ad4c8cb36f1b82c6d8fedcfa0b5e7d84c41fd389464
This document details a stack-based buffer overflow vulnerability in TestDisk version 6.14. The overflow is triggered when recovery of a malicious disk image is attempted. This may be leveraged by an attacker to crash TestDisk and gain control of program execution. An attacker would have to coerce the victim into running TestDisk against their malicious image.
7a37d596089ffb1fa811b151734f591791c8d53219a3fdd9ea5cf26e1b134cc6
SevDesk version 1.1 suffers from a persistent script insertion vulnerability in the application dashboard.
b44b3d91f0262e0b448dcfc054371b496431ca08b92de3910209721ad41b89f1
Foxit Reader versions 7.1.3.320 and below suffer from a PDF parsing memory corruption vulnerability.
bd04944c6132e51165de2cd47879e4605bc439659bd47936955cab36552e79aa
OS Solution OSProperty version 2.8.0 suffers from a remote SQL injection vulnerability.
afb9d76a0580b59eef035727449af6742f88e1ec6208060bf24d021e74f952d4
Ninja privilege escalation detection and prevention system version 0.1.3 suffers from a race condition vulnerability.
0c04f125429ae3d5bf78e45cae4f47cf93b72213a6ec0a6ae100e2ab1807e2e3
WordPress TheCartPress plugin version 1.3.9 suffers from local file inclusion, improper access control, and cross site scripting vulnerabilities.
c7864d1f9f6c456cfb191d7c8ce59288c2188a532e7d7d1111c6f0c87c396032
A type confusion vulnerability was discovered in the exception object's __toString()/getTraceAsString() methods that can be abused to leak arbitrary memory blocks or cause a heap overflow.
b3a8329c29d10dca9d7ddc4c0f46af58e29999c11da31e6009cf9c41975e1db6
A type confusion vulnerability was discovered in unserialize() with the SoapFault object's __toString() magic method that can be abused to leak arbitrary memory blocks.
628689009bd04f420924af79082ba1d3c89d666f96215bfa8944020190c85c15
Wing FTP Server Admin version 4.4.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
baa33a8db697aa73d142896a3bba1e7eae95cd119c23f80057b7d2cef956a942
Using a crafted tar file, bsdtar can be made to perform an out-of-bounds memory read, which leads to a SEGFAULT. The issue exists when the executable skips data in the archive. The amount of data to skip is defined at byte offsets [16-19]. If ASLR is disabled, the issue can lead to high CPU load and potential CPU exhaustion on single-core hosts.
fd0fb753afd7d4f8141a07df1844dc319539bc557bf657925079de4444885e9a
Untangle NGFW versions 9 through 11 suffer from a cross site scripting vulnerability that can allow for remote code execution as root. They also suffer from an information disclosure vulnerability. This is a follow-up discussing additional attack vectors not disclosed in the prior advisory.
e86c9969d013c35f87d327a8f236b5f675e69ae24e898f23a4e957c0d77bf3ad
PayPal's Marketing web service suffered from a remote code execution vulnerability due to running a JDWP server.
9853c32d02d8c001fa92b9d3e97eabbcee48dfa8b41649e9b38b8311a72758ca
SonicWall SonicOS versions 7.5.0.12 and 6.x suffer from a client-side cross site scripting vulnerability.
677993c8c06c4decc97efbcbd2bfa770f60f4cac9d6303c6d4ea13229d44530c
Core Security Technologies Advisory - The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable.
43fb2590b9fc435e2c9ebe21968f5729e87d0846d203db8e44a8e274d09e864c
ProjectSend version r561 suffers from cross site request forgery, cross site scripting, and remote shell upload vulnerabilities.
29d896ac590fb902688a8def54fd8f901bc1d97ee250f682f184d6620674de0e
WordPress Exquisite Ultimate Newspaper theme version 1.3.3 suffers from a cross site scripting vulnerability.
5638e9618253bdbda4e9cb5c3397585b53f03bbb25f90ea69aec66e823644843
WordPress version 4.2 suffers from a persistent cross site scripting vulnerability.
ef94590cf5768ff21a652878473304f3150a74395f438f8b10ecd2800eee2c48
UniPDF version 1.2 buffer overflow SEH overwrite denial of service proof of concept exploit.
934be4720b0e5b95ac2e7b102bbe4bd5203c2d9abc16b79d5c687604745e30ce
MiniUPnPd version 1.0 stack overflow remote code execution exploit for AirTies RT Series. Provides a reverse shell.
498f2c5bf24844ab26545a5525a97f66a570ba969b3a46e477e4b93e5982d9b2
OTRS versions 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 suffer from a persistent cross site scripting vulnerability.
2e3f4aa9bd8270be5647e928e03c289520cddaae59e541df172d313c213650b7
VideoSpirit Pro version 1.91 buffer overflow with SEH bypass exploit.
4a610b7c8fb559b4026157db23297421051705f258bfe8264267c8d6838a889f
Simple proof of concept tool to leverage remote code execution on the Legend Perl IRC bot.
7ed64a03ba8a28e4a3162e46f413835566f71dbc30233138782e899686ac85d9
WordPress WooCommerce Amazon Affiliates plugin version 7.0 suffers from file disclosure and remote shell upload vulnerabilities.
6bf85916f8328ca14bfba59426f65b3d54e44bb1f87dfe285d315cafe7390693
This Metasploit module exploits an arbitrary file upload in the WordPress WPshop eCommerce plugin versions 1.3.3.3 to 1.3.9.5. It allows you to upload arbitrary PHP code and get remote code execution. This Metasploit module has been tested successfully on WordPress WPshop eCommerce 1.3.9.5 with WordPress 4.1.3 on Ubuntu 14.04 Server.
f619d802b93d34eebff17a8861709268616692a3263b82947bee155839965331