Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
This Metasploit module uses two vulnerabilities in Oracle Forms and Reports to get remote code execution on the host. The showenv URL can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be used to write a shell from a remote URL to a known local path disclosed from the previous vulnerability. The local path being accessible from a URL then allows us to perform the remote code execution using, for example, a .jsp shell. Tested on Windows and Oracle Forms and Reports 10.1.
Office Assistant Pro version 2.2.2 suffers from a local file inclusion vulnerability.
Proof of concept exploit used by the recent Linksys worm (known as "Moon"). Exploits blind command injection in tmUnblock.cgi.
HP Data Protector EXEC_BAR remote command execution exploit that affects versions 6.10, 6.11, and 6.20.
Open Web Analytics (OWA) is open source web analytics software that can track and analyze how visitors use websites and applications. OWA is vulnerable to SQL injection that allows an attacker to execute arbitrary SQL statements in the context of the configured OWA database user without authenticating to the web application. This vulnerability affects Open Web Analytics version 1.5.4.
mbDriveHD version 1.0.7 suffers from local file inclusion and command injection vulnerabilities.
Pina CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
DSMS suffers from cross site scripting and content spoofing vulnerabilities.
This code abuses PJL functionality on HP network printers to print documents and also change the "ReadyMessage". Useful for avoiding printer payment systems in universities. Scan for port 9100 to find printers.
Joomla Wire Immogest component suffers from a remote SQL injection vulnerability.
phpMyBackupPro version 2.4 suffers from a cross site scripting vulnerability.
Linksys E-Series unauthenticated remote command execution exploit that leverages the same vulnerability as used in the "Moon" worm.
H K Digital Online suffers from a remote SQL injection vulnerability.
Symantec PGP Universal Web Messenger versions prior to 3.3.2 suffer from an unauthorized access vulnerability.
This Metasploit module exploits a vulnerability found in the command and control panel used to control Dexter (Point of Sale malware). This is done by accessing the PHP page used by bots to report in (gateway.php) which does not sanitize input. Input is encrypted and encoded, but the key is supplied by the bot connecting. The 'page' parameter is used in this case. The command and control panel designates a location to upload files, and can be used as a reliable location to write a PHP shell. Authentication is not needed to exploit this vulnerability.
TomatoCart version 188.8.131.52 suffers from a local file inclusion vulnerability.
WordPress Better WP Security plugin version 3.6.3 suffers from information disclosure and cross site scripting vulnerabilities.
Acunetix WordPress WP Security Make Backup plugin version 4.0.3 suffers from a cross site request forgery vulnerability.
Proof of concept SQL injection exploit for the panel in Dexter CasinoLoader. It exploits the gateway for bots to connect in, which sanitizes none of its input. This version of the exploit just dumps database data, and can create a GEXF file to make a graph in Gephi.
WordPress Buddypress plugin versions 1.9.1 and below suffer from a privilege escalation vulnerability.