Latest Exploits

Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

INFOR EAM 11.0 Build 201410 SQL Injection

Mon, 05/15/2017 - 12:02
INFOR EAM version 11.0 build 201410 suffers from a remote SQL injection vulnerability.
Categories: Security

INFOR EAM 11.0 Build 201410 Cross Site Scripting

Mon, 05/15/2017 - 10:55
INFOR EAM version 11.0 build 201410 suffers from a stored cross site scripting vulnerability.
Categories: Security

Cerberus FTP 8.0.10.3 MLST Buffer Overflow

Sun, 05/14/2017 - 21:22
This Metasploit module exploits a buffer overflow in the Cerberus FTP client version 8.0.10.3 that is triggered by sending a bad char "A" in the command "MLST".
Categories: Security

OpenEXR 2.2.0 Crash

Sun, 05/14/2017 - 20:11
This archive contains a zip file of EXR images that cause segmentation faults in the OpenEXR library version 2.2.0.
Categories: Security

MailCow 0.14 Cross Site Request Forgery

Sun, 05/14/2017 - 15:22
MailCow version 0.14 suffers from multiple cross site request forgery vulnerabilities.
Categories: Security

Quest Privilege Manager pmmasterd Buffer Overflow

Sat, 05/13/2017 - 10:59
This Metasploit module exploits a buffer overflow in the Quest Privilege Manager, software used to integrate Active Directory with Linux and Unix systems. The vulnerability exists in the pmmasterd daemon, and can only be triggered when the host has been configured as a policy server (Privilege Manager for Unix or Quest Sudo Plugin). A buffer overflow condition exists when handling requests of type ACT_ALERT_EVENT, where the size of a memcpy can be controlled by the attacker. This Metasploit module only works against version < 6.0.0-27. Versions up to 6.0.0-50 are also vulnerable, but not supported by this module (a stack cookie bypass is required). NOTE: To use this module it is required to be able to bind a privileged port (<=1024) as the server refuses connections coming from unprivileged ports, which in most situations means that root privileges are required.
Categories: Security

miniupnpc 2.0.20170421 Denial Of Service

Fri, 05/12/2017 - 06:11
miniupnpc suffers from an integer signedness error when parsing a chunked encoded http response.
Categories: Security

CMS Made Simple 2.1.6 Code Execution / Cross Site Scripting

Fri, 05/12/2017 - 05:11
CMS Made Simple version 2.1.6 suffers from code execution and cross site scripting vulnerabilities.
Categories: Security

EnCase Forensic Imager 7.10 Buffer Overflow

Fri, 05/12/2017 - 05:11
Guidance Software EnCase Forensic Imager versions 7.10 and below suffer from a stack-based buffer overflow vulnerability.
Categories: Security

Google API PHP Client 2.1.3 Cross Site Scripting

Fri, 05/12/2017 - 04:22
google-api-php-client versions 2.1.3 and below suffer from multiple cross site scripting vulnerabilities.
Categories: Security

Trashbilling.com / Trashflow 3.0 XSS / SQL Injection

Thu, 05/11/2017 - 23:44
Trashbilling.com suffered from account enumeration, cross site scripting, denial of service, and remote SQL injection vulnerabilities. Trashflow 3.0 suffers from denial of service and hard-coded credential vulnerabilities.
Categories: Security

OpenVPN 2.4.0 Denial Of Service

Thu, 05/11/2017 - 22:02
OpenVPN version 2.4.0 suffers from an unauthenticated denial of service vulnerability.
Categories: Security

Linux Kernel 3.x usb-midi Local Privilege Escalation

Thu, 05/11/2017 - 21:22
Linux kernel version 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) double-free usb-midi SMEP local privilege escalation exploit.
Categories: Security

Vanilla Forums 2.3 Remote Code Execution

Thu, 05/11/2017 - 20:11
Vanilla Forums versions 2.3 and below remote code execution exploit.
Categories: Security

Linux Kernel SO_SNDBUFFORCE / SO_RCVBUFFORCE Local Privilege Escalation

Thu, 05/11/2017 - 19:32
Linux kernel versions 3.11 through 4.8 SO_SNDBUFFORCE and SO_RCVBUFFORCE local privilege escalation exploit.
Categories: Security

WordPress User Access Manager 1.2.14 Cross Site Scripting

Thu, 05/11/2017 - 13:22
WordPress User Access Manager plugin versions 1.2.14 and below suffer from a cross site scripting vulnerability.
Categories: Security

WordPress Tracking Code Manager 1.11.1 XSS / DoS

Thu, 05/11/2017 - 12:33
WordPress Tracking Code Manager plugin versions 1.11.1 and below suffer from cross site scripting and denial of service vulnerabilities.
Categories: Security

Microsoft IIS WebDav ScStoragePathFromUrl Overflow

Wed, 05/10/2017 - 21:23
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If:
Categories: Security

QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 Authentication Bypass

Wed, 05/10/2017 - 21:19
QNAP PhotoStation version 5.2.4 and MusicStation version 4.8.4 suffer from an authentication bypass vulnerability.
Categories: Security

Gongwalker API Manager 1.1 Cross Site Request Forgery

Wed, 05/10/2017 - 21:17
Gongwalker API Manager version 1.1 suffers from cross site request forgery vulnerabilities.
Categories: Security