Latest Exploits

Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

ProjectSend Arbitrary File Upload

Mon, 12/29/2014 - 18:26
This Metasploit module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.
Categories: Security

Incom CMS SQL Injection

Mon, 12/29/2014 - 17:49
Incom CMS suffers from an authentication bypass vulnerability via remote SQL injection.
Categories: Security

Desktop Linux Password Stealer / Privilege Escalation

Mon, 12/29/2014 - 13:22
This Metasploit module steals the user password of an administrative user on a desktop Linux system when it is entered for unlocking the screen or for doing administrative actions using policykit. Then it escalates to root privileges using sudo and the stolen user password. It exploits the design weakness that there is no trusted channel for transferring the password from the keyboard to the actual password verification against the shadow file (which is running as root since /etc/shadow is only readable to the root user). Both screensavers (xscreensaver/gnome-screensaver) and policykit use a component running under the current user account to query for the password and then pass it to a setuid-root binary to do the password verification. Therefore it is possible to inject a password stealer after compromising the user account. Since sudo requires only the user password (and not the root password of the system), stealing the user password of an administrative user directly allows escalating to root privileges. Please note that you have to start a handler as a background job before running this exploit since the exploit will only create a shell when the user actually enters the password (which may be hours after launching the exploit). Using exploit/multi/handler with the option ExitOnSession set to false should do the job.
Categories: Security

Ex Libris Patron Directory Services 2.1 Open Redirect

Mon, 12/29/2014 - 13:22
Ex Libris Patron Directory Services version 2.1 suffers from an open redirection vulnerability.
Categories: Security

Ex Libris Patron Directory Services 2.1 Cross Site Scripting

Mon, 12/29/2014 - 12:22
Ex Libris Patron Directory Services version 2.1 suffers from a cross site scripting vulnerability.
Categories: Security

CNN Cross Site Scripting / Open Redirect

Mon, 12/29/2014 - 09:22
The travel.cnn.com and ads.cnn.com sites suffer from cross site scripting and open redirection vulnerabilities.
Categories: Security

WordPress Dmsguestbook Unauthenticated Data Injection

Mon, 12/29/2014 - 09:04
WordPress Dmsguestbook plugin suffers from a remote unauthenticated data injection vulnerability.
Categories: Security

CMS Pylot Cross Site Request Forgery / Cross Site Scripting

Sun, 12/28/2014 - 23:44
CMS Pylot suffers from cross site request forgery and cross site scripting vulnerabilities.
Categories: Security

WordPress Frontend Uploader 0.9.2 Cross Site Scripting

Sun, 12/28/2014 - 23:44
WordPress Frontend Uploader plugin version 0.9.2 suffers from a cross site scripting vulnerability.
Categories: Security

e107 2.0 Alpha2 Cross Site Request Forgery

Sun, 12/28/2014 - 17:22
e107 version 2.0 Alpha2 suffers from a cross site request forgery vulnerability.
Categories: Security

Maxthon Browser Address Bar Spoofing

Sun, 12/28/2014 - 04:32
Maxthon Browser suffers from an address bar spoofing vulnerability.
Categories: Security

jetAudio 8.1.3.2200 Crash Proof Of Concept

Sat, 12/27/2014 - 05:32
Proof of concept for a denial of service vulnerability in jetAudio version 8.1.3.2200 that creates a malicious .m3u file.
Categories: Security

PMB 4.1.3 SQL Injection

Fri, 12/26/2014 - 14:32
PMB versions 4.1.3 and below suffer from a post-authentication remote SQL injection vulnerability.
Categories: Security

WhatsApp Remote Crash On Android

Fri, 12/26/2014 - 13:33
WhatsApp suffers from a remote reboot/crash vulnerability on Android versions 2.11.476 and below.
Categories: Security

Lazarus Guestbook 1.22 XSS / SQL Injection

Fri, 12/26/2014 - 10:55
Lazarus Guestbook version 1.22 suffers from cross site scripting and remote SQL injection vulnerabilities.
Categories: Security

Pimcore 3.0 / 2.3.0 SQL Injection

Fri, 12/26/2014 - 09:44
Pimcore CMS versions 2.3.0 and 3.0 suffer from a remote SQL injection vulnerability.
Categories: Security

PHPLIST 3.0.6 / 3.0.10 SQL Injection

Fri, 12/26/2014 - 08:02
PHPLIST versions 3.0.6 and 3.0.10 suffer from a remote SQL injection vulnerability.
Categories: Security

WordPress Themes download.php File Disclosure

Wed, 12/24/2014 - 11:12
Multiple WordPress themes suffer from an arbitrary file download vulnerability in download.php. These include the Ultimatum, Medicate, Centum, Avada, Striking Theme & E-Commerce, cuckootap, IncredibleWP, Trinity, Lote27, and Revslider themes.
Categories: Security

SysAid Server Arbitrary File Disclosure

Wed, 12/24/2014 - 11:09
SysAid Server is vulnerable to an unauthenticated file disclosure attack that allows an anonymous attacker to read arbitrary files on the system. An attacker exploiting this issue can compromise SysAid user accounts and gain access to important system files. When SysAid is configured to use LDAP authentication it is possible to gain read access to the entire Active Directory or obtain domain admin privileges. Versions prior to 14.4.2 are affected.
Categories: Security

Vulnerability In Popular Plugins

Tue, 12/23/2014 - 23:43
This is a brief whitepaper that discusses SQL injection, cross site scripting, and remote shell upload vulnerabilities in various Joomla! plugins.
Categories: Security