Ruby Gem Fog Dragonfly version 0.8.2 suffers from a remote command injection vulnerability.
ab3491f98a2bc70682b26926ea96e1f3e4c3c966ee732993fde62136ed2c27ca
Mikrotik RouterOS versions 5.x and 6.x suffer from an sshd remote pre-authentication heap corruption vulnerability. Included is a 50 meg Mikrotik package containing all research items.
74610d5d75efcfb4a984b83085a1bd9e64779bd5d156fb3a81b92d7bb3439349
Oracle Java lookUpByteBI function heap buffer overflow proof of concept exploit.
4923185e9a0717f0746ed0226cc0e0b1346fbee72009a8f231027b831cc2ebd7
Cetelem Online bank suffers from cross-site scripting and clickjacking vulnerabilities. The vendor had not responded to the researcher after multiple attempts to reach them. The CSIRT team for the bank notified Packet Storm on 10/14/2013 that the issues had been remediated.
725a5580019aaa28e98f7d7843da1fbb140cb6edd882ae4285924205b58a8f7d
PotPlayer version 1.5.39036 crash proof of concept exploit that generates a malicious .wav file.
096862c5968b10e54c29d3d5546d41797202268377d846c4c3b694c8d005bf6d
WordPress NextGen Smooth Gallery plugin suffers from a cross-site scripting vulnerability. Note that this finding houses site-specific data.
5c86af5619cefd28f023609910e7561145819334568c587fa4a24f9ae5d0548b
The main PayPal web site sets a cookie named "aksession" which contains a blob of base64-encoded ciphertext. This ciphertext is encrypted using a 64-bit block cipher in CBC mode and does not have any other integrity protection. Naturally, this means the aksession cookie is vulnerable to a padding oracle attack allowing full decryption and forgery.
ba96e4f85c1954558a6465548df5a7c14c4b67362f6c526a4c2c191b176d6879
CNZZ CMS suffers from multiple cross-site scripting and remote SQL injection vulnerabilities.
96a556480ad5bf893c3a382a233686d92f8776500cae27dcf790cef2512abb99
Green Browser version 6.4.0515 suffers from a heap overflow vulnerability.
ad610b2f17cd397e0c90df2056ebf91d152b2465636cf5dfb701762ae957c190
Sites powered by Rnet eShop suffer from a cross-site scripting vulnerability. Note that this finding houses site-specific data.
26f57a3452779788ae6639c5c91d689769f4f144df2809d9eca422b06b214af3
dBlog CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
cdb07830744acaeac09426c4c60a99946e52ce5118dff9873876f15b0b06baf0
Flo CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
32868950fc0128288eeef74f12c3f6691e76fabac2cc45924689b6a3db49e268
Sites powered by Webtimizer suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
602eeae979d136de5207f086117102ea2c3246d1afee821f4fce57d238bca93e
Ox Design suffers from cross-site scripting and remote SQL injection vulnerabilities.
e9998a9589f707daaf60f89c51f97bedca1fdbffebd43e67918ad1b0e60542f6
PK-CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
b035e19941e05d08caef3ea0aa4b46f7dfbbd6f5a8fd3924d823f22a3f213f29