Latest Exploits

Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Updated: 21 hours 55 min ago

MikroTik RouterOS Cross Site Request Forgery

Sun, 03/08/2015 - 08:03
MikroTik RouterOS versions prior to 5.0 suffer from a cross site request forgery vulnerability.
Categories: Security

OpenKM Stored Cross Site Scripting

Sun, 03/08/2015 - 05:11
OpenKM versions prior to 6.4.19 suffer from a stored cross site scripting vulnerability.
Categories: Security

Yahoo Query Language Cross Site Scripting

Sun, 03/08/2015 - 04:32
The Yahoo Query Language API suffers from a cross site scripting vulnerability.
Categories: Security

WordPress Daily Edition 1.6.2 File Upload

Sat, 03/07/2015 - 13:44
WordPress Daily Edition theme version 1.6.2 suffers from an arbitrary file upload vulnerability.
Categories: Security

NetCat CMS 5.01 Cross Site Scripting

Sat, 03/07/2015 - 09:02
NetCat CMS versions 1.1, 2.0, 2.1, 2.2, 2.3, 2.4, 3.0, 3.12, and 5.01 suffer from a cross site scripting vulnerability.
Categories: Security

WordPress Daily Edition 1.6.2 SQL Injection

Sat, 03/07/2015 - 08:03
WordPress Daily Edition theme version 1.6.2 suffers from a remote SQL injection vulnerability.
Categories: Security

WordPress Yoast Google Analytics 5.3.2 Cross Site Scripting

Sat, 03/07/2015 - 07:02
Yoast WordPress plugin version 5.3.2 for Google Analytics suffers from a stored cross site scripting vulnerability.
Categories: Security

ASUS RT-G32 Cross Site Request Forgery / Cross Site Scripting

Sat, 03/07/2015 - 06:11
ASUS RT-G32 suffers from cross site request forgery and cross site scripting vulnerabilities.
Categories: Security

Elastix 2.5.0 SQL Injection

Fri, 03/06/2015 - 17:42
Elastix versions 2.5.0 and below suffer from a remote blind SQL injection vulnerability.
Categories: Security

Betster 1.0.4 SQL Injection / Authentication Bypass

Fri, 03/06/2015 - 17:01
Betster version 1.0.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Categories: Security

Nvidia Mental Ray Satellite Service Arbitrary DLL Injection

Fri, 03/06/2015 - 09:41
The Nvidia Mental Ray Satellite Service listens for control commands on port 7414. When it receives the command to load a DLL (via a UNC path), it will try to connect back to the host on port 7514. If the TCP connection is successful, it will then attempt to load the DLL. This Metasploit module has been tested successfully on Win7 x64 with Nvidia Mental Ray Satellite Service v3.11.1.
Categories: Security

ProjectSend r561 SQL Injection

Fri, 03/06/2015 - 09:37
ProjectSend version r561 suffers from a remote SQL injection vulnerability.
Categories: Security

WordPress Download Manager 2.7.2 Privilege Escalation

Fri, 03/06/2015 - 09:35
WordPress Download Manager plugin version 2.7.2 suffers from a privilege escalation vulnerability.
Categories: Security

PHPMoAdmin 1.1.2 Remote Code Execution

Thu, 03/05/2015 - 16:58
This Metasploit module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval() in PHPMoAdmin.
Categories: Security

Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting

Thu, 03/05/2015 - 16:55
Ultimate PHP Board (UPB) version 2.2.7 suffers from a cross site scripting vulnerability.
Categories: Security

HP Data Protector 8.10 Remote Command Execution

Wed, 03/04/2015 - 22:03
This Metasploit module exploits a remote command execution vulnerability in HP Data Protector 8.10. Arbitrary commands can be executed by sending crafted requests with opcode 28 to the OmniInet service listening on the TCP/5555 port. Since there is a strict length limitation on the command, rundll32.exe is executed, and the payload is provided through a DLL by a fake SMB server. This Metasploit module has been tested successfully on HP Data Protector 8.1 on Windows 7 SP1.
Categories: Security

Generic DLL Injection From Shared Resource

Wed, 03/04/2015 - 13:32
This is a general-purpose module for exploiting conditions where a DLL can be loaded from a specified SMB share. This Metasploit module serves payloads as DLLs over an SMB service.
Categories: Security

Generic Web Application DLL Injection

Wed, 03/04/2015 - 12:22
This is a general-purpose module for exploiting conditions where an HTTP request triggers a DLL load from a specified SMB share. This Metasploit module serves payloads as DLLs over an SMB service and allows an arbitrary HTTP URL to be called that would trigger the load of the DLL.
Categories: Security

Webshop Hun 1.062S Directory Traversal

Wed, 03/04/2015 - 10:02
Webshop Hun version 1.062S suffers from a directory traversal vulnerability.
Categories: Security

Webshop Hun 1.062S Cross Site Scripting

Wed, 03/04/2015 - 09:02
Webshop Hun version 1.062S suffers from a cross site scripting vulnerability.
Categories: Security