Latest Exploits

Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

USB Pratirodh XXE Injection

Wed, 03/15/2017 - 18:47
USB Pratirodh suffers from an XML external entity injection vulnerability.
Categories: Security

Skype 7.16.0.102 DLL Hijacking

Wed, 03/15/2017 - 18:43
Skype version 7.16.0.102 suffers from a DLL hijacking vulnerability.
Categories: Security

Microsoft Windows LoadUvsTable() Buffer Overflow

Wed, 03/15/2017 - 15:22
Microsoft Windows suffers from a LoadUvsTable() heap-based buffer overflow vulnerability.
Categories: Security

Readymade Job Site Script 3.0.1 SQL Injection

Wed, 03/15/2017 - 13:22
Readymade Job Site Script version 3.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Categories: Security

Freelancer Script 4.0.1 SQL Injection

Wed, 03/15/2017 - 09:44
Freelancer Script version 4.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Categories: Security

FTPShell Client 6.53 Buffer Overflow

Wed, 03/15/2017 - 08:33
FTPShell Client version 6.53 buffer overflow exploit written in Python.
Categories: Security

PCAUSA Rawether For Windows Local Privilege Escalation

Wed, 03/15/2017 - 06:11
ASUS PCE-AC56 WLAN card utilities (PCAUSA Rawether Windows 10 x64) local privilege escalation exploit.
Categories: Security

Joomla Vik Appointments 1.5 SQL Injection

Wed, 03/15/2017 - 05:11
Joomla Vik Appointments component version 1.5 suffers from a remote SQL injection vulnerability.
Categories: Security

Joomla Vik Rent Items 1.3 SQL Injection

Wed, 03/15/2017 - 04:33
Joomla Vik Rent Items component version 1.3 suffers from a remote SQL injection vulnerability.
Categories: Security

Joomla Vik Rent Car 1.11 SQL Injection

Wed, 03/15/2017 - 04:11
Joomla Vik Rent Car component version 1.11 suffers from a remote SQL injection vulnerability.
Categories: Security

IBM WebSphere Remote Code Execution Java Deserialization

Tue, 03/14/2017 - 18:58
This Metasploit module exploits a vulnerability in IBM's WebSphere Application Server. An unsafe deserialization call on unauthenticated Java objects reaches the Apache Commons Collections (ACC) library, which allows remote arbitrary code execution. Authentication is not required in order to exploit this vulnerability.
Categories: Security

Apache Struts Jakarta Multipart Parser OGNL Injection

Tue, 03/14/2017 - 18:57
This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3.5 - 2.3.31 and 2.5 - 2.5.10. Remote code execution can be performed via the HTTP Content-Type header. Native payloads will be converted to executables and dropped in the server's temp directory. If this fails, try a cmd/* payload, which won't have to write to the disk.
Categories: Security

Microsoft Windows COM Session Moniker Privilege Escalation

Tue, 03/14/2017 - 18:54
Microsoft Windows suffers from a COM session moniker elevation of privilege vulnerability.
Categories: Security

Adobe Flash AVC Header Slicing Heap Overflow

Tue, 03/14/2017 - 18:53
Adobe Flash suffers from a heap overflow vulnerability in AVC header slicing.
Categories: Security

Adobe Flash ATF Planar Decompression Heap Overflow

Tue, 03/14/2017 - 18:52
Adobe Flash suffers from a heap overflow vulnerability in ATF Planar Decompression.
Categories: Security

Adobe Flash ATF Thumbnailing Heap Overflow

Tue, 03/14/2017 - 18:51
Adobe Flash suffers from a heap overflow vulnerability in ATF thumbnailing.
Categories: Security

Adobe Flash MovieClip Use-After-Free

Tue, 03/14/2017 - 18:50
Adobe Flash suffers from a use-after-free in MovieClip attach init object.
Categories: Security

Adobe Flash Metadata Out-Of-Bounds Read

Tue, 03/14/2017 - 18:50
Adobe Flash suffers from an out-of-bounds read in metadata parsing.
Categories: Security

b2evolution 6.8.8 Shell Upload

Tue, 03/14/2017 - 10:35
b2evolution version 6.8.8 Stable suffers from a remote shell upload vulnerability.
Categories: Security

Microsoft Edge Fetch API Arbitrary Header Setting

Tue, 03/14/2017 - 09:44
It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length and Host headers. Among others, a malicious website can use this issue to bypass the same-origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smuggling).
Categories: Security