Latest Exploits

Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

ManageEngine Password Manager MetadataServlet.dat SQL Injection

Fri, 08/22/2014 - 14:38
This Metasploit module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to achieve remote code execution as SYSTEM in Windows or as the user in Linux. This Metasploit module exploits both PostgreSQL (newer builds) and MySQL (older or upgraded builds). MySQL targets are more reliable due to the use of relative paths; with PostgreSQL you should find the web root path via other means and specify it with WEB_ROOT. The injection is only exploitable via a GET request, which means that the payload has to be sent in chunks smaller than 8000 characters (URL size limitation). Small payloads and the use of exe-small are recommended, as you can only do between 10 and 20 injections before using up all the available ManagedConnections until the next server restart. This vulnerability exists in all versions released since 2006; however, builds below DC v7 70200 and PMP v6 6500 do not ship with a JSP compiler. You can still try your luck using the MySQL targets, as a JDK might be installed in the $PATH.
Categories: Security

MyBB 1.6.15 Cross Site Request Forgery

Fri, 08/22/2014 - 14:22
MyBB version 1.6.15 suffers from a cross site request forgery vulnerability.
Categories: Security

CMS Agencija O2 Cross Site Scripting / SQL Injection

Fri, 08/22/2014 - 05:22
CMS Agencija O2 suffers from cross site scripting and remote SQL injection vulnerabilities.
Categories: Security

MyBB 1.8 Beta 3 Cross Site Scripting / SQL Injection

Thu, 08/21/2014 - 09:02
MyBB version 1.8 Beta 3 suffers from cross site scripting and remote SQL injection vulnerabilities.
Categories: Security

Dashing Times SQL Injection

Thu, 08/21/2014 - 05:11
Content management systems designed by Dashing Times appear susceptible to remote SQL injection vulnerabilities.
Categories: Security

WordPress All In One SEO Pack 2.2.2 Cross Site Scripting

Wed, 08/20/2014 - 10:32
WordPress All In One SEO Pack plugin version 2.2.2 suffers from a persistent cross site scripting vulnerability.
Categories: Security

ArticleFR 3.0.4 SQL Injection

Wed, 08/20/2014 - 10:30
ArticleFR version 3.0.4 suffers from a remote SQL injection vulnerability.
Categories: Security

ManageEngine Desktop Central / Password Manager Pro / IT360 SQL Injection

Wed, 08/20/2014 - 10:25
ManageEngine Desktop Central, Password Manager Pro, and IT360 suffer from remote blind SQL injection vulnerabilities. Metasploit module included.
Categories: Security

HybridAuth install.php PHP Code Execution

Tue, 08/19/2014 - 19:00
This Metasploit module exploits a PHP code execution vulnerability in HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php' is not removed after installation, allowing unauthenticated users to write PHP code to the application configuration file 'config.php'. Note: This exploit will overwrite the application configuration file, rendering the application unusable.
Categories: Security

BlazeDVD Pro 7.0 Buffer Overflow

Tue, 08/19/2014 - 18:51
BlazeDVD Pro version 7.0 SEH buffer overflow exploit written in Python.
Categories: Security

Bulletproof FTP Client 2010 Buffer Overflow

Tue, 08/19/2014 - 18:04
Bulletproof FTP Client 2010 SEH buffer overflow exploit written in Python.
Categories: Security

Gitlab-shell Code Execution

Mon, 08/18/2014 - 13:22
This Metasploit module takes advantage of the addition of authorized SSH keys in the gitlab-shell functionality of Gitlab. Versions of gitlab-shell prior to 1.7.4 used the SSH key provided directly in a system call, resulting in a command injection vulnerability. As this relies on adding an SSH key to an account, valid credentials are required to exploit this vulnerability.
Categories: Security

Firefox toString console.time Privileged Javascript Injection

Mon, 08/18/2014 - 13:20
This Metasploit module gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.
Categories: Security

Senkas Kolibri WebServer 2.0 Buffer Overflow

Mon, 08/18/2014 - 13:11
Senkas Kolibri WebServer version 2.0 is vulnerable to remote code execution via an overly long POST request. Sending the exploit will result in a SEH overwrite, which can then be used to redirect execution to a POP POP RET within the application's binary itself, which, once executed, will allow the attacker to execute his/her payload located in the HOST field.
Categories: Security

Tenda A5s Router Authentication Bypass

Mon, 08/18/2014 - 13:03
Tenda A5s router suffers from an authentication bypass vulnerability due to improperly trusting cookies.
Categories: Security

Webasyst Shop Script 5.2.2.30933 Cross Site Scripting

Sat, 08/16/2014 - 22:33
Webasyst Shop Script version 5.2.2.30933 suffers from a persistent cross site scripting vulnerability.
Categories: Security

RiverBed Stingray Traffic Manager 9.6 Cross Site Scripting

Fri, 08/15/2014 - 11:44
RiverBed Stingray Traffic Manager virtual appliance version 9.6 suffers from a cross site scripting vulnerability.
Categories: Security

LY Website CMS SQL Injection

Fri, 08/15/2014 - 07:22
LY Website CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
Categories: Security

VirtualBox 3D Acceleration Virtual Machine Escape

Wed, 08/13/2014 - 21:30
This Metasploit module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted rendering messages, a virtual machine can exploit an out of bounds array access to corrupt memory and escape to the host. This Metasploit module has been tested successfully on Windows 7 SP1 (64 bits) as host running VirtualBox 4.3.6.
Categories: Security

VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution

Wed, 08/13/2014 - 21:28
VMTurbo Operations Manager 4.6 and prior are vulnerable to unauthenticated OS command injection in the web interface. Use reverse payloads for the most reliable results. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. Port binding payloads are disregarded due to the restrictive firewall settings. This Metasploit module has been tested successfully on VMTurbo Operations Manager versions 4.5 and 4.6.
Categories: Security