Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
FOSCAM Wireless IP Camera suffers from a cross site scripting vulnerability.
appRain version 3.0.2 suffers from a remote SQL injection vulnerability.
WordPress Gallery Bank version 2.0.19 suffers from a cross site scripting vulnerability.
OWASP Java Encoder suffers from a cross site scripting bypass vulnerability when it comes to the use of backticks.
Microweber version 0.905 suffers from an error-based remote SQL injection vulnerability.
Flatpress version 1.0 remote code execution exploit that leverages a comment loaded through a directory traversal vulnerability.
Webers CMS suffers from cross site scripting, local file inclusion, path disclosure, and remote SQL injection vulnerabilities.
Core Security Technologies Advisory - A security vulnerability was found in Vivotek IP cameras that could allow an unauthenticated remote attacker to bypass the RTSP basic authentication and access the video stream.
A cross site scripting vulnerability has been found in Cisco Security Monitoring, Analysis and Response System. The issue arises because input passed via several fields (e.g. isnowLatency) to the /Query/NewQueryResult.jsp page is not properly sanitised before being returned to the user. Other pages could be affected by this issue.
Project'Or RIA version 3.4.0 suffers from a remote SQL injection vulnerability.
Project'Or RIA version 3.4.0 suffers from multiple cross site scripting vulnerabilities.
LBG Zoom In/Out Effect Slider plugin for WordPress suffers from cross site scripting and path disclosure vulnerabilities.
LinkedIn suffered from multiple persistent cross site scripting vulnerabilities in the contact management system.
Enigmatic CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
TinyMCE version 3.2.7 suffers from SQL injection bypass and remote shell upload vulnerabilities.
This archive contains all of the 176 exploits added to Packet Storm in October, 2013.
This Metasploit module exploits a stack-based buffer overflow in StoryBoard Quick 6.
This Metasploit module exploits a stack-based buffer overflow in Final Draft 8. Multiple fields are vulnerable to the overflow; however, Word in IgnoredWords is the only field to accept mixed-case characters.
Practico version 13.9 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.