Latest Exploits

Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

FTPShell Client 5.24 PWD Remote Buffer Overflow

Sat, 11/19/2016 - 22:33
FTPShell Client version 5.24 PWD remote buffer overflow exploit.
Categories: Security

WordPress MailChimp 4.0.7 Cross Site Request Forgery / Cross Site Scripting

Sat, 11/19/2016 - 22:33
WordPress MailChimp plugin version 4.0.7 suffers from cross site request forgery and cross site scripting vulnerabilities.
Categories: Security

Red Jasmin 1.0 SQL Injection

Sat, 11/19/2016 - 20:11
Red Jasmin version 1.0 suffers from a remote SQL injection vulnerability.
Categories: Security

SAP NetWeaver AS JAVA 7.5 Directory Traversal

Fri, 11/18/2016 - 23:02
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a directory traversal vulnerability.
Categories: Security

SAP NetWeaver AS ABAP 7.4 Directory Traversal

Fri, 11/18/2016 - 23:01
SAP NetWeaver AS ABAP version 7.4 suffers from a directory traversal vulnerability.
Categories: Security

Microsoft Edge CTextExtractor::GetBlockText Out-Of-Bounds Read

Fri, 11/18/2016 - 22:50
A specially crafted web-page can cause an integer underflow in Microsoft Edge. This causes CTextExtractor::GetBlockText to read data outside of the bounds of a memory block.
Categories: Security

Palo Alto Networks PanOS root_reboot Privilege Escalation

Fri, 11/18/2016 - 22:44
Palo Alto Networks PanOS suffers from a root_reboot local privilege escalation vulnerability.
Categories: Security

Palo Alto Networks PanOS root_trace Privilege Escalation

Fri, 11/18/2016 - 22:33
Palo Alto Networks PanOS suffers from a root_trace local privilege escalation vulnerability.
Categories: Security

Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread Use-After-Free

Fri, 11/18/2016 - 21:37
A specially crafted web-page can cause the iertutil.dll module of Microsoft Internet Explorer 11 to free some memory while it still holds a reference to this memory. The module can be made to use this reference after the memory has been freed. Unlike many use-after-free bugs in MSIE, this issue, and apparently all code in this module, is not mitigated by MemGC. This issue appears to have been addressed in July 2016, as it failed to reproduce after the July security updates were installed.
Categories: Security

Huawei Flybox B660 3G/4G Router Authentication Bypass

Fri, 11/18/2016 - 21:31
Huawei Flybox B660 3G/4G router suffers from an authentication bypass vulnerability.
Categories: Security

Habari CMS 0.9.2 Cross Site Scripting

Fri, 11/18/2016 - 21:25
Habari CMS version 0.9.2 suffers from a cross site scripting vulnerability.
Categories: Security

Teradata Studio Express 15.12.00.00 Race Condition

Fri, 11/18/2016 - 21:20
Teradata Studio Express version 15.12.00.00 suffers from a /tmp race condition.
Categories: Security

Apple iOS 10.1 Access Permissions

Fri, 11/18/2016 - 19:32
Apple iOS version 1.0 suffers from multiple access permission vulnerabilities.
Categories: Security

Teradata Virtual Machine Community Edition 15.0 Insecure File Creation

Fri, 11/18/2016 - 18:19
Teradata Virtual Machine Community Edition version 15.10 suffers from an insecure creation of files in /tmp that may lead to elevated code execution.
Categories: Security

FUDforum 3.0.6 Local File Inclusion

Fri, 11/18/2016 - 18:18
FUDforum version 3.0.6 suffers from a local file inclusion vulnerability.
Categories: Security

Jaws 1.1.1 Open Redirect / Object Injection / Cookie Flags

Fri, 11/18/2016 - 18:17
Jaws version 1.1.1 suffers from object injection, open redirection, and cookie flag related vulnerabilities.
Categories: Security

FUDforum 3.0.6 Cross Site Request Forgery / Cross Site Scripting

Fri, 11/18/2016 - 18:16
FUDforum version 3.0.6 suffers from cross site request forgery and cross site scripting vulnerabilities.
Categories: Security

Lepton 2.2.2 Stable Shell Upload

Fri, 11/18/2016 - 18:13
Lepton version 2.2.2 Stable suffers from a remote code execution vulnerability via a remote shell upload.
Categories: Security

Lepton 2.2.2 Stable CSRF / Open Redirect / Password Handling

Fri, 11/18/2016 - 18:11
Lepton version 2.2.2 Stable suffers from password handling, insecure brute force protection, cross site request forgery, and open redirection vulnerabilities.
Categories: Security

Lepton 2.2.2 Stable SQL Injection

Fri, 11/18/2016 - 18:09
Lepton version 2.2.2 Stable suffers from remote SQL injection vulnerabilities.
Categories: Security