Latest Exploits

Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

Rockwell LOGIX 5324 ER Cross Site Scripting

Tue, 04/03/2018 - 18:04
Rockwell LOGIX 5324 ER suffers from cross site scripting and HTML injection vulnerabilities.
Categories: Security

ProcessMaker Plugin Code Execution

Tue, 04/03/2018 - 18:02
This Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator roles are required to run this module. This Metasploit module has been tested successfully on ProcessMaker versions 1.6-4276, 2.0.23, 3.0 RC 1, 3.2.0, 3.2.1 on Windows 7 SP 1; and version 3.2.0 on Debian Linux 8.
Categories: Security

Microsoft Edge Chakra JIT Incomplete Fix For Issue 1420 #2

Tue, 04/03/2018 - 16:23
A security fix applied for Microsoft Edge Chakra JIT is incomplete.
Categories: Security

Microsoft Edge Chakra JIT Incomplete Fix For Issue 1420

Tue, 04/03/2018 - 15:02
A security fix applied for Microsoft Edge Chakra JIT is incomplete.
Categories: Security

Chrome V8 Genesis::InitializeGlobal Bugs

Tue, 04/03/2018 - 13:23
Chrome V8 has multiple bugs in Genesis::InitializeGlobal.
Categories: Security

Chrome V8 ElementsAccessorBase::CollectValuesOrEntriesImpl Type Confusion

Tue, 04/03/2018 - 12:22
Chrome V8 suffers from a type confusion vulnerability in ElementsAccessorBase::CollectValuesOrEntriesImpl.
Categories: Security

DuckDuckGo 4.2.0 WebRTC Private IP Leakage

Tue, 04/03/2018 - 05:33
This Metasploit module exploits a vulnerability in browsers using a well-known property of WebRTC (Web Real-Time Communications), which enables Web applications and sites to capture or exchange arbitrary data between browsers without requiring an intermediary.
Categories: Security

ShoprLynx 9.2.3 Insecure File Permissions

Mon, 04/02/2018 - 14:02
ShoprLynx version 9.2.3 suffers from an insecure file permissions vulnerability.
Categories: Security

OpenCMS 10.5.3 Cross Site Request Forgery

Mon, 04/02/2018 - 12:32
OpenCMS version 10.5.3 suffers from a cross site request forgery vulnerability.
Categories: Security

OpenCMS 10.5.3 Cross Site Scripting

Mon, 04/02/2018 - 12:22
OpenCMS version 10.5.3 suffers from a cross site scripting vulnerability.
Categories: Security

Packet Storm New Exploits For March, 2018

Mon, 04/02/2018 - 11:59
This archive contains all of the 149 exploits added to Packet Storm in March, 2018.
Categories: Security

Secutech RiS-11/RiS-22/RiS-33 5.07.52_es_FRI01 Remote DNS Changer

Mon, 04/02/2018 - 11:55
Secutech RiS-11/RiS-22/RiS-33 version 5.07.52_es_FRI01 remote DNS changer proof of concept exploit.
Categories: Security

WampServer 3.1.2 Cross Site Request Forgery

Mon, 04/02/2018 - 10:53
WampServer version 3.1.2 suffers from a cross site request forgery vulnerability.
Categories: Security

WebLog Expert Enterprise 9.4 Privilege Escalation

Mon, 04/02/2018 - 08:42
WebLog Expert Enterprise version 9.4 suffers from a privilege escalation vulnerability.
Categories: Security

IBM Virtual Security Operations Center (VSOC) Cross Site Scripting

Mon, 04/02/2018 - 04:22
IBM Virtual Security Operations Center (VSOC) suffers from a cross site scripting vulnerability.
Categories: Security

D-Link DIR-601 Admin Password Disclosure

Sat, 03/31/2018 - 21:22
D-Link DIR-601 suffers from an administrative password disclosure vulnerability.
Categories: Security

VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution

Sat, 03/31/2018 - 18:55
VideoFlow Digital Video Protection DVP 10 version 2.10 suffers from an authenticated remote code execution vulnerability. Including a cross site request forgery vulnerability, a remote attacker can exploit this issue and execute arbitrary system commands, granting her system access with root privileges.
Categories: Security

VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal

Sat, 03/31/2018 - 18:33
VideoFlow Digital Video Protection DVP 10 version 2.10 suffers from an authenticated arbitrary file disclosure vulnerability including no session expiration. Input passed via the 'ID' parameter in several Perl scripts is not properly verified before being used to download system files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks.
Categories: Security

DotNetNuke DNNarticle Directory Traversal

Sat, 03/31/2018 - 15:22
The DNNarticle module in DotNetNuke version 11 suffers from a directory traversal vulnerability.
Categories: Security

Homematic CCU2 2.29.23 Arbitrary File Write

Sat, 03/31/2018 - 12:22
Homematic CCU2 version 2.29.23 suffers from an arbitrary file write vulnerability.
Categories: Security