vOlk Botnet Framework version 4.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
e54131638c8af68360886a900c3026ff7763f7aa00165f7ce9285c2151d69639Omnistar Document Manager version 8.0 suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
2924e8b30c96dbf093040ad4ad98b8a4104a3b5364631473d81d717b1f6687fdThis Metasploit module exploits a code execution vulnerability in the KeyScript ActiveX control from keyhelp.ocx. It is packaged in several products or GE, such as Proficy Historian 4.5, 4.0, 3.5, and 3.1, Proficy HMI/SCADA 5.1 and 5.0, Proficy Pulse 1.0, Proficy Batch Execution 5.6, and SI7 I/O Driver between 7.20 and 7.42. When the control is installed with these products, the function "LaunchTriPane" will use ShellExecute to launch "hh.exe", with user controlled data as parameters. Because of this, the "-decompile" option can be abused to write arbitrary files on the remote system. Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute it. Please note that this module currently only works for Windows before Vista. On the other hand, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. It is enabled and automatically started by default on Windows XP SP3
ddfde3a6cd95fb91cc1c6b3a0ce469bb1d439179f47acc6c7c8348a5fef601f0FileBound On-Site versions prior to 6.2 suffer from a remote privilege escalation vulnerability due to a faulty control validating password requests.
8e56b4f4c9544dd8530de39fc0101066f47f4c720e156e0793d6aa0ddffaf44aLinux kernel binfmt_script handling in combination with CONFIG_MODULES can lead to disclosure of kernel stack data during execve via copy of data from dangling pointer to stack to growing argv list. Apart from that, the BINPRM_MAX_RECURSION can be exceeded: the maximum of 4 recursions is ignored, instead a maximum of roughly 2^6 recursions is in place. Proof of concept included.
7bd378909366bd639a1af332dc8a07b872f1dbfc3c0f252621b3c7a24e1876abMicrosoft Office Excel ReadAV arbitrary code execution exploit.
4f183637725018f93e56bfb644917918cb8b9b41e1b0740342746d362b3ada27OpenX version 2.8.10 suffers from cross site scripting and remote SQL injection vulnerabilities.
d484cead504afbaaedbee4354a2ee6cdeaaafcec1c5ad0426bb8c95c12f4be46Sites designed by Yasmingmi appear to suffer from multiple remote SQL injection vulnerabilities. Note that this finding houses site-specific data.
6e2a4b83a7b2dd4c5f7f85c74780590906cc02953e46eea15ea9c96e1d42ecf6Sites designed by BIDS appear to suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
f052a87ebf386597062ed4019081d111081360e5a9e98a705e456af329033068This Metasploit module exploits the default credentials of Apple iOS when it has been jailbroken and the passwords for the 'root' and 'mobile' users have not been changed.
54dd4f5278bc9c7459a9eb628b204ee6a8e4bb9050d89979261c0c78390b9f3aHigh-Tech Bridge Security Research Lab has discovered a vulnerability in Microsoft Windows which could be exploited to escalate privileges under certain conditions. The vulnerability exists due to the "IKE and AuthIP IPsec Keying Modules" system service, which tries to load the wlbsctrl.dll DLL that is missing after default Windows installation. Proof of concept included.
59c748e21d43b8cf7dd9c2c3ce4ae6dbd13341240e0cfa60bbf3d2ee4d85b88eTinyCMS versions 1.2 through 1.4 suffer from a local file inclusion vulnerability.
bf76fb44a7c3064cbdd9616afb751e33dd5f67dd21c93ed1a6dd5b2f80c3ba67VLC Player version 2.0.3 suffers from a ReadAV arbitrary code execution vulnerability.
b8d9e4b0937d2e4052d917d3fa45e638484b85c6cfa01eb95f048b90e9486e2fOpera appears to suffer from a cross site scripting vulnerability due to a content inspection issue with image/svg+xml.
47c58bfa83f5960e04d82e9e18ef5a405a829e835b66320e8d0d8cd3da1b9ba0This is a whitepaper from Matasano that documents multiple zero day vulnerabilities in Dark Comet RAT. These issues include remote SQL injection, man in the middle issues, and arbitrary file access.
5fdcf5fad602c3cbdde40ce41d88d40d8290dff47e5bc4bbe9fddeba61cb22a4Key Systems Electronic Key Lockers contain a command injection vulnerability which may allow a remote unauthenticated attacker to inject commands into the electronic key locker. Key Systems Electronic Key Lockers also contains weak authentication which could allow an attacker administrative access to the electronic key locker.
e041973800631f5c0a7274ae4ca01886483e2d34625197c49d13b8d056db55ecPHP version 5.3.4 on windows com_event_sink zero day exploit.
7c10651bbfba8d827368b8a19219613171b3dd6f2fc6885a3ddec4ea94d635e5PLIB version 1.8.5 ssg/ssgParser.cxx buffer overflow exploit that binds a shell to port 4444.
bcba481bbab5e30dd19c118080b1ff90929a81728cacd90054794049004482bcFL Studio 10 Producer Edition SEH based buffer overflow proof of concept exploit.
baccc3c89450e01403323b36347d890a84bd82c9b7faff4e753ea4c496b4259cThis Metasploit module exploits a stack buffer overflow in Avaya WinPMD. The vulnerability exists in the UniteHostRouter service, due to the insecure usage of memcpy when parsing specially crafted "To:" headers. The module has been tested successfully on Avaya WinPMD 3.8.2 over Windows XP SP3 and Windows 2003 SP2.
d9b4cfd701509dee98dd35f95bbf2fa0811c43ac505cb1b7aba6619d0bbbbae5This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.
38fdec2a063f86b17c2227e7876f3caa2eb9ea10ec338d6f0a5b2d15773ee645Interspire Email Marketer version 6.0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
f8bd46b59908fd250f604a96039d46e1985482e022445cd4f574ef41594a8737This Metasploit module exploits a vulnerability found in PhpTax, an income tax report generator. When generating a PDF, the icondrawpng() function in drawimage.php does not properly handle the pfilez parameter, which will be used in a exec() statement, and then results in arbitrary remote code execution under the context of the web server. Please note: authentication is not required to exploit this vulnerability.
3ecd2777666a36e43ebd4979984a5196686b1b70e2c3ecf4ce15f5ace94c27d1Endpoint Protector version 4.0.4.0 suffers from cross site scripting vulnerabilities. The vendor has contacted Packet Storm on 10/09/2013 and noted that they have addressed these issues in product update 4.4.0.1. The update is available through the Webadmin console :: Dashboard > Live Update.
a2328643204ae516795d8ff44584e599f64ae809a6f8cea65a8b02f5dc1a9a04Arctic Torrent version 1.2.3 remote memory corruption denial of service exploit.
9172304714395a3f989c23b4c6fb9c5679590e4aa469b113717c0617e2230ff7
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed