Latest Exploits

Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Updated: 22 hours 47 min ago

Monstra 3.0.1 HTTP Response Splitting

Mon, 11/10/2014 - 13:01
Monstra versions 3.0.1 and below suffer from an HTTP response splitting vulnerability.
Categories: Security

Anchor CMS 0.9.2 Header Injection

Mon, 11/10/2014 - 12:59
Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability.
Categories: Security

ZXDSL 831CII Cross Site Request Forgery

Mon, 11/10/2014 - 12:57
ZXDSL 831CII suffers from a cross site request forgery vulnerability.
Categories: Security

IP.Board 3.4.7 SQL Injection

Mon, 11/10/2014 - 12:35
IP.Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.
Categories: Security

X3 CMS 0.5.1.1 Cross Site Request Forgery / Cross Site Scripting

Sun, 11/09/2014 - 23:44
X3 CMS versions 0.5.1 and 0.5.1.1 suffer from cross site request forgery and cross site scripting vulnerabilities.
Categories: Security

ManageEngine OpManager / Social IT Plus / IT360 File Upload / SQL Injection

Sun, 11/09/2014 - 09:22
ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities.
Categories: Security

Password Manager Pro SQL Injection

Sun, 11/09/2014 - 08:03
Password Manager Pro versions prior to 7.1 build 7105 suffer from multiple remote SQL injection vulnerabilities.
Categories: Security

Another WordPress Classifieds Cross Site Scripting / SQL Injection

Sat, 11/08/2014 - 07:12
Another WordPress Classifieds plugin suffers from cross site scripting and remote SQL injection vulnerabilities.
Categories: Security

Visual Mining NetCharts Server Remote Code Execution

Fri, 11/07/2014 - 12:19
This Metasploit module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary JSP code upload to locations accessible later through the web service. Authentication is typically required; however, a 'hidden' user is available by default (and is non-editable). This user, named 'Scheduler', can only log in to the console after any modification in the user database (a user is added, admin password is changed, etc.). If the 'Scheduler' user isn't available, valid credentials must be supplied. The default Admin password is Admin.
Categories: Security

PayPal MultiOrder Shipping Cross Site Scripting

Fri, 11/07/2014 - 12:14
PayPal MultiOrder Shipping suffered from a persistent cross site scripting vulnerability.
Categories: Security

BookFresh Persistent Cross Site Scripting

Fri, 11/07/2014 - 12:12
BookFresh suffers from a persistent cross site scripting vulnerability.
Categories: Security

OX App Suite 7.6.0 SQL Injection

Fri, 11/07/2014 - 12:08
OX App Suite versions 7.6.0 and below suffer from a remote SQL injection vulnerability.
Categories: Security

SeasonApps iTransfer 1.1 Script Insertion

Fri, 11/07/2014 - 12:04
SeasonApps iTransfer version 1.1 suffers from a persistent script insertion vulnerability.
Categories: Security

ZTE ZXDSL 831 Cross Site Scripting

Fri, 11/07/2014 - 11:56
ZTE ZXDSL 831 suffers from multiple cross site scripting vulnerabilities.
Categories: Security

ZTE 831CII Hardcoded Credential / XSS / CSRF

Fri, 11/07/2014 - 11:52
ZTE 831CII suffers from cross site request forgery, hardcoded administrative credential, and cross site scripting vulnerabilities.
Categories: Security

ZTE ZXDSL 831CII Insecure Direct Object Reference

Fri, 11/07/2014 - 11:49
ZTE ZXDSL 831CII suffers from an insecure direct object reference vulnerability that allows for authentication bypass.
Categories: Security

MINIX 3.3.0 Local Denial Of Service

Fri, 11/07/2014 - 05:32
MINIX version 3.3.0 suffers from multiple local denial of service vulnerabilities.
Categories: Security

Joomla/WordPress XCloner Command Execution / Password Disclosure

Thu, 11/06/2014 - 20:01
XCloner plugin versions 3.1.1 for WordPress and 3.5.1 for Joomla! suffer from arbitrary command execution, MySQL password disclosure, exposed database backups, unauthenticated remote access, and various other vulnerabilities.
Categories: Security

JExperts Tecnologia / Channel Software Privilege Escalation

Thu, 11/06/2014 - 19:59
JExperts Tecnologia / Channel software version 5.0.33_CCB allows for authorization bypass / privilege escalation via tampering with parameters in the GET request.
Categories: Security

JExperts Tecnologia / Channel Software Cross Site Scripting

Thu, 11/06/2014 - 19:57
JExperts Tecnologia / Channel software version 5.0.33_CCB suffers from a cross site scripting vulnerability.
Categories: Security