This archive contains 183 exploits that were added to Packet Storm in June, 2015.
c485e814d9dca35aa730e3f9d1befce8762864f7f8245cfc3268dcdbe23f9958
The Watchguard XCS virtual appliance contains a number of vulnerabilities, including unauthenticated SQL injection, command execution and privilege escalation. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host. Versions 10.0 and below are affected.
21607839bbbdd227a1fed5a3aae9f1e09f5c3ba5d6cf448a29b254d43dbc7f66
Wedge Networks WedgeOS Virtual Appliance contains a number of security vulnerabilities, including unauthenticated arbitrary file read as root, command injection in the web interface, privilege escalation to root, and command execution via the system update functionality. Versions 4.0.4 and below are affected.
18dd393ace4d14161649a80f893aaf38c39cd9fa4882db05ddf096eaeca05aa0
The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the tail action. Fixed in version 5.0. Version 4.0.11 is affected.
3a33fc1ca00a370d70ae632d4e5ff2d50d6aebfcfe2f943cfc2b1fac21f6187a
NetIQ Access Manager is vulnerable to XXE injection attacks.
5ab83fb7455997ac3fe10dc835a9bc56e92d52e2ce04391ac1b7bb994f39d5dc
The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "listViewItem" parameter of the "index" action. Fixed in version 5.0. Version 4.0.11 is affected.
056057c0fb271eb7d3df3d949644529069ad9b220d3cea13dac2b89f6483c3e0
The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the show action. Fixed in version 5.0. Version 4.0.11 is affected.
a81a00d4e11ec10f5cba3ea70751d59751a88dc2fb69e74a400c31265fe07b31
GetSimple CMS version 5.7.3.1 suffers from a persistent cross site scripting vulnerability.
214f9d30727be2c3b2b4aa78f18251e30e604ff0e311e01b438ee81349215f74
MODX Revolution version 2.3.3-pl suffers from multiple cross site scripting vulnerabilities.
cc5594fe51b541c29a67c4f947fe79867dc8f20ce2d1a907d2968a07693ea31e
Fiyo CMS version 2.0_1.9.1 suffers from multiple remote SQL injection vulnerabilities.
88134155e61bdad17b0695015d75b1a5facc81ef1cec5a352d986ba9cfb5b831
Novius OS version 5.0.1-elche suffers from cross site scripting, local file inclusion, and open redirection vulnerabilities.
f4fd9696fbbf3cb4bb30f39d3adbbe123d467ec115259459a177a9cf9bd7f1e9
The CollabNet Subversion Edge Management Frontend allows authenticated admins to read arbitrary local files via logfile "filename" parameter of the "downloadHook" action. Fixed in version 5.0.
37d936d9d7e63a4ff0e4d5ba93bd86e716a8d053ae486aae462f028a417603cc
The CollabNet Subversion Edge Management Frontend leaks the unsalted MD5 hash of password of the currently logged in user via a "POST /csvn/user/index" request. An attacker that exploits an XSS or has gained a valid session via other means is able to retrieve the unsalted MD5 hash of the corresponding user and easily crack the hash in order to know the users password. Fixed in version 5.0.
1d88ce5b1e015850cee7a266039f0317d57a1d11a0b2b10402aefdd630149ba1
Two exploits for Huawei Home Gateway versions HG530 and HG520b that allow for password disclosure and password change.
34153720563cde72b885eab1bf23d3c0496dfd344433d5815451d5624f2154ec
The CollabNet Subversion Edge Management Frontend allows authenticated administrators to escalate their privileges by creating and executing hook scripts. As a result they are able to execute arbitrary commands as the user the Management Frontend is running under without authenticating with valid credentials. Fixed in version 5.0.
6367d80f85ed6df597af815bf79b0b9c35711023632a3e93c0eae53e289e7171
C2Box version 4.0.0 r19171 suffers from a cross site request forgery vulnerability.
3260a9f8f243512939cde597aee57f84fbc49ba76f322ad99d963ca8720153cc
PivotX version 2.3.10 suffers from session fixation, code execution, and cross site scripting vulnerabilities.
46674e4415ac3578e9c37660f047a58b4394e048c244adbc09b59b34d6626102
This Metasploit module exploits a memory corruption happening when applying a Shader as a drawing fill as exploited in the wild on June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.188, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.188, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.460.
a2184f47ed1174e50ad69f7fd1808a0bfb8843fb0450d0e5bd5891aa520131cd
By combining all vulnerabilities documented in this advisory an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference. Versions prior to 8.4 are affected.
1d5b03ba6b9a7b0e1ff5623237c28661b4f890d43709aa901df21c57464f2cf6
Koha ILS suffers from cross site request forgery, cross site scripting, remote SQL injection, and path traversal vulnerabilities. Versions 3.20.x less than or equal to 3.20.1, 3.18.x less than or equal to 3.18.8, and 3.16.x less than or equal to 3.16.12 are affected.
db2ddcd34b4c592559253b1b3c6f3e7e83b307e30c13455c3c11e7c181ea9384
NETGEAR ProSafe suffers from cross site scripting, header injection, and remote SQL injection vulnerabilities.
d2cffb6c14ae7d6d75847a649433d54664550130dd5ffabcc160493696e70230
Download Zip Attachments version 1.0 suffers from an arbitrary file download vulnerability.
5c51fdb6e266ef3a8a35172957a3166fd6452e291e1e736475722362e05b938f
WordPress WP-Instance-Rename plugin version 1.0 suffers from an arbitrary file download vulnerability.
9a24d9b6daa62347b0cb943035d61843dba740d737dd765fd6a8ca7bdea56236
ArcSight suffers from a log poisoning vulnerability.
fc2f4788f873862fc266d71b5a6c6655034f7c3ae00f59103be393d90706c07b
Nucleus CMS version 3.65 suffers from a persistent cross site scripting vulnerability.
546f34805d04034f047e4144ea4b40a6097badf77ac07bce75855a9b73741bd7