Latest Exploits

Syndicate content Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Updated: 4 hours 50 min ago

FoeCMS XSS / SQL Injection / Open Redirect

Fri, 07/04/2014 - 09:33
FoeCMS suffers from cross site scripting, open redirect, and remote SQL injection vulnerabilities.
Categories: Security

WordPress NextGEN Gallery 2.0.63 Shell Upload

Thu, 07/03/2014 - 18:04
WordPress NextGEN Gallery plugin version 2.0.63 suffers from a remote shell upload vulnerability.
Categories: Security

Raritan PX IPMI Disclosure

Thu, 07/03/2014 - 13:22
Raritan PX suffers from IPMI zero cipher and password hash dumping vulnerabilities.
Categories: Security

Kanboard 1.0.5 Cross Site Request Forgery

Wed, 07/02/2014 - 17:22
Kanboard version 1.0.5 suffers from a cross site request forgery vulnerability.
Categories: Security

Ntop-NG 1.1 Cross Site Scripting

Wed, 07/02/2014 - 16:57
Ntop-NG version 1.1 suffers from a reflective cross site scripting vulnerability.
Categories: Security

OpenDocMan 1.2.7.2 Cross Site Scripting

Wed, 07/02/2014 - 08:03
OpenDocMan version 1.2.7.2 suffers from a stored cross site scripting vulnerability.
Categories: Security

Zurmo CRM Cross Site Scripting

Wed, 07/02/2014 - 05:22
Zurmo CRM suffers from a stored cross site scripting vulnerability.
Categories: Security

CMS ContWEB SQL Injection

Wed, 07/02/2014 - 05:11
CMS ContWEB suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
Categories: Security

EMC Documentum eRoom Stored Cross Site Scripting

Tue, 07/01/2014 - 19:37
EMC Documentum eRoom versions 7.4.3, 7.4.4, and 7.4.4 SP1 suffer from a stored cross site scripting vulnerability.
Categories: Security

Kerio Control 8.3.1 Blind SQL Injection

Tue, 07/01/2014 - 19:34
Kerio Control versions 8.3.1 and below suffer from a boolean-based blind remote SQL injection vulnerability.
Categories: Security

Internet Explorer 8 Bypass

Tue, 07/01/2014 - 15:22
Internet Explorer 8 fixed col span ID full ASLR, DEP, and EMET 4.1.x bypass exploit.
Categories: Security

Packet Storm New Exploits For June, 2014

Mon, 06/30/2014 - 20:13
This archive contains all of the 127 exploits added to Packet Storm in June, 2014.
Categories: Security

Baidu Spark Browser 26.5.9999.3511 Stack Overflow

Mon, 06/30/2014 - 18:33
Spark Browser version 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) resulting in stack overflow via nested calls to the window.print javascript function.
Categories: Security

IBM Algorithmics RICOS Disclosure / XSS / CSRF

Mon, 06/30/2014 - 18:02
IBM Algorithmics RICOS versions 4.5.0 through 4.7.0 suffer from cross site scripting, cross site request forgery, information disclosure, data manipulation, broken encryption, and various other vulnerabilities.
Categories: Security

Gitlist 0.4.0 Remote Code Execution

Mon, 06/30/2014 - 17:22
Gitlist versions 0.4.0 and below suffer from a remote code execution vulnerability.
Categories: Security

WordPress Theme My Login 6.3.9 Local File Inclusion

Mon, 06/30/2014 - 12:32
WordPress Theme My Login plugin version 6.3.9 provides access to arbitrary files and could facilitate arbitrary code execution.
Categories: Security

IBM Sametime Meeting Server Arbitrary File Upload

Mon, 06/30/2014 - 07:02
IBM Sametime Meeting Server allow anonymous users to send arbitrary files changing the Content-type post. The file upload restrictions occur only client side. Version 8.5.1 is affected.
Categories: Security

Horde Framework Unserialize PHP Code Execution

Sun, 06/29/2014 - 13:32
Horde Framework unserialize PHP code execution exploit ported from Metasploit.
Categories: Security

Nagios check_dhcp 2.0.2 Race Condition

Sun, 06/29/2014 - 13:22
Nagios Plugins versions 2.0.2 suffer from a race condition in check_dhcp.
Categories: Security

Flussonic Media Server 4.3.3 File Read / Directory Listing

Sun, 06/29/2014 - 12:32
Flussonic Media Server version 4.3.3 suffers from arbitrary file read and directory listing disclosure vulnerabilities.
Categories: Security