Latest Exploits

Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Updated: 15 hours 13 min ago

Sony PSN Community Lithium Forums 2012 Q4 XSS

Mon, 05/13/2013 - 08:33
Sony PSN Community Lithium Forums 2012 Q4 suffer from a cross site scripting vulnerability.
Categories: Security

File List 3.3 / 3.5 PRO XSS / LFI / File Upload

Mon, 05/13/2013 - 08:33
File List versions 3.3 and 3.5 PRO for iOS suffer from cross site scripting, local file inclusion, and remote arbitrary file upload vulnerabilities.
Categories: Security

Sony PSN Community Lithium Forums 2012 Q4 Script Insertion

Mon, 05/13/2013 - 08:20
Sony PSN Community Lithium Forums 2012 Q4 suffer from a cross site scripting vulnerability.
Categories: Security

Sony PSN Community Lithium Forums 2012 Q4 Script Insertion

Mon, 05/13/2013 - 07:22
Sony PSN Community Lithium Forums 2012 Q4 suffers from a script insertion vulnerability.
Categories: Security

PayPal Ecommerce Script Insertion

Mon, 05/13/2013 - 06:11
PayPal suffered from a persistent cross site scripting vulnerability.
Categories: Security

No-IP Dynamic Update Client 2.1.9 Stack Overflow

Sun, 05/12/2013 - 12:22
No-IP Dynamic Update Client (DUC) version 2.1.9 local IPaddress stack overflow exploit.
Categories: Security

Wireless Disk PRO 2.3 LFI / XSS / Command Injection

Sun, 05/12/2013 - 12:22
Wireless Disk PRO for iOS version 2.3 suffers from local file inclusion, cross site scripting, and OS command injection vulnerabilities.
Categories: Security

Avira Personal Privilege Escalation

Sun, 05/12/2013 - 09:44
Avira Personal appears to suffer from a privilege escalation vulnerability.
Categories: Security

PayPal Community Forum Script Insertion

Sun, 05/12/2013 - 09:44
PayPal Community Forum suffers from a mail encoding script insertion vulnerability.
Categories: Security

WordPress Search And Share 0.9.3 Cross Site Scripting

Sun, 05/12/2013 - 06:11
WordPress Search and Share plugin versions 0.9.3 and below suffer from cross site scripting and path disclosure vulnerabilities.
Categories: Security

WordPress Securimage 3.2.4 Cross Site Scripting

Fri, 05/10/2013 - 14:22
WordPress Securimage plugin version 3.2.4 suffers from a cross site scripting vulnerability.
Categories: Security

Lan Messenger 1.2 Buffer Overflow

Fri, 05/10/2013 - 09:44
Lan Messenger version 1.2 suffers from a buffer overflow vulnerability.
Categories: Security

SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution

Thu, 05/09/2013 - 18:57
This Metasploit module abuses the SAP NetWeaver SXPG_CALL_SYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. The module needs SAP credentials with privileges to use /sap/bc/soap/rfc in order to work. It has been tested successfully on Windows 2008 64-bit and Linux 64-bit platforms.
Categories: Security

SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution

Thu, 05/09/2013 - 18:44
This Metasploit module abuses the SAP NetWeaver SXPG_COMMAND_EXECUTE function, on the SAP SOAP RFC Service, to execute remote commands. The module needs SAP credentials with privileges to use /sap/bc/soap/rfc in order to work. It has been tested successfully on Windows 2008 64-bit and Linux 64-bit platforms.
Categories: Security

Securimage 3.5 Cross Site Scripting

Thu, 05/09/2013 - 18:33
Securimage suffers from a cross site scripting issue in 'example_form.php', which uses the 'REQUEST_URI' variable. The vulnerability is present because the affected script applies no filtering to that variable. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
Categories: Security

UMI.CMS 2.9 Cross Site Request Forgery

Wed, 05/08/2013 - 18:44
UMI.CMS version 2.9 suffers from a cross site request forgery vulnerability.
Categories: Security

Linux Kernel open-time Capability file_ns_capable() Privilege Escalation

Wed, 05/08/2013 - 18:22
Linux kernel open-time capability file_ns_capable() local root exploit.
Categories: Security

AlienVault OSSIM 4.1.2 SQL Injection

Wed, 05/08/2013 - 16:22
AlienVault OSSIM versions 4.1.2 and below suffer from remote SQL injection vulnerabilities.
Categories: Security

Joomla DJ Classifieds Extension 2.0 SQL Injection

Wed, 05/08/2013 - 15:22
Joomla DJ Classifieds Extension component version 2.0 suffers from a remote blind SQL injection vulnerability.
Categories: Security

Flightgear 2.0 / 2.4 Format String

Wed, 05/08/2013 - 07:22
Flightgear versions 2.0 and 2.4 suffer from a remote format string vulnerability.
Categories: Security