Latest Exploits

Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

Ubisoft Uplay 4.6 Insecure File Permissions Local Privilege Escalation

Sun, 07/06/2014 - 13:31
Uplay for PC suffers from an elevation of privileges vulnerability that any unprivileged user can exploit by replacing the launcher executable with a binary of choice. The vulnerability exists because the 'Everyone' group is granted the 'F' (Full) right on the 'Ubisoft Game Launcher' directory, its files and its sub-directories, making the entire tree world-writable. Versions 4.7.3208 and 4.5.2.3010 are affected.
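The condition described above (an Allow ACE giving 'Everyone' full control over an install tree) is easy to audit before an attacker does. The script below is an added example, not code from the Packet Storm entry or from Ubisoft: it walks a directory, lists every Allow ACE that gives a broad principal a write-capable right, and warns separately about writable executables, since those are the privilege-escalation path. The default install path in `$Root` and the set of "broad" principals are assumptions; adjust them for the host.

```powershell
# Added example, not from the Packet Storm entry or Ubisoft. Audits a directory tree for
# Allow ACEs that grant write-capable rights to broad principals, the condition described
# for 'Ubisoft Game Launcher' ('F' for 'Everyone'). $Root is an assumed install path.
param(
    [string]$Root = "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher"
)

# Any of these bits lets the principal change file contents, drop new files, or
# rewrite the ACL itself. FullControl and Modify both include them.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Principals that amount to "any local user" (assumed list; extend for your environment).
$broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# Check the root directory itself as well as everything below it.
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $broad -contains $ace.IdentityReference.Value -and
            (($ace.FileSystemRights -band $writeMask) -ne 0)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    # A writable binary is the escalation primitive: whatever higher-privileged context
    # (service, scheduled task, an administrator) launches it will run the replacement.
    $findings | Where-Object { $_.Path -match '\.(exe|dll)$' } |
        ForEach-Object { Write-Warning "Writable binary: $($_.Path) ($($_.Principal): $($_.Rights))" }
} else {
    Write-Host "No broad write-capable ACEs found under $Root"
}
```

Non-inherited hits on the root directory are the ones to fix first, since the inherited entries below disappear with them. The usual remediation (a general one, not a statement about the vendor's patch) is to remove the 'Everyone' grant and give ordinary users read and execute only, for example `icacls "<dir>" /remove:g Everyone /t` followed by a grant of `(OI)(CI)RX` to BUILTIN\Users, then re-run the audit to confirm nothing writable remains.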
Categories: Security

WordPress Themes File Download / Deletion

Sat, 07/05/2014 - 14:22
Multiple WordPress themes suffer from arbitrary file download and file deletion vulnerabilities. Included are Awake, Construct, Dejavu, Echelon, Elegance, Fusion, Infocus, Mega, Method, Modular, MyRiad, Oakrealty, Persuasion, and Binary.

Feed2JS File Disclosure

Sat, 07/05/2014 - 09:02
Feed2JS uses MagpieRSS to parse feeds, and MagpieRSS uses the Snoopy library to fetch documents. The version of Snoopy in use suffers from a local file disclosure vulnerability.

Symbiose Webos Cross Site Scripting / Path Disclosure

Sat, 07/05/2014 - 09:02
Symbiose Webos suffers from cross site scripting and path disclosure vulnerabilities.

FoeCMS XSS / SQL Injection / Open Redirect

Fri, 07/04/2014 - 09:33
FoeCMS suffers from cross site scripting, open redirect, and remote SQL injection vulnerabilities.

WordPress NextGEN Gallery 2.0.63 Shell Upload

Thu, 07/03/2014 - 18:04
WordPress NextGEN Gallery plugin version 2.0.63 suffers from a remote shell upload vulnerability.

Raritan PX IPMI Disclosure

Thu, 07/03/2014 - 13:22
Raritan PX suffers from IPMI cipher suite zero (authentication bypass) and password hash dumping vulnerabilities.

Kanboard 1.0.5 Cross Site Request Forgery

Wed, 07/02/2014 - 17:22
Kanboard version 1.0.5 suffers from a cross site request forgery vulnerability.

Ntop-NG 1.1 Cross Site Scripting

Wed, 07/02/2014 - 16:57
Ntop-NG version 1.1 suffers from a reflected cross site scripting vulnerability.

OpenDocMan 1.2.7.2 Cross Site Scripting

Wed, 07/02/2014 - 08:03
OpenDocMan version 1.2.7.2 suffers from a stored cross site scripting vulnerability.

Zurmo CRM Cross Site Scripting

Wed, 07/02/2014 - 05:22
Zurmo CRM suffers from a stored cross site scripting vulnerability.

CMS ContWEB SQL Injection

Wed, 07/02/2014 - 05:11
CMS ContWEB suffers from a remote SQL injection vulnerability. Note that this advisory contains site-specific data.

EMC Documentum eRoom Stored Cross Site Scripting

Tue, 07/01/2014 - 19:37
EMC Documentum eRoom versions 7.4.3, 7.4.4, and 7.4.4 SP1 suffer from a stored cross site scripting vulnerability.

Kerio Control 8.3.1 Blind SQL Injection

Tue, 07/01/2014 - 19:34
Kerio Control versions 8.3.1 and below suffer from a boolean-based blind remote SQL injection vulnerability.

Internet Explorer 8 Bypass

Tue, 07/01/2014 - 15:22
Exploit for the Internet Explorer 8 fixed col span ID vulnerability, with a full ASLR, DEP, and EMET 4.1.x bypass.

Packet Storm New Exploits For June, 2014

Mon, 06/30/2014 - 20:13
This archive contains all of the 127 exploits added to Packet Storm in June, 2014.

Baidu Spark Browser 26.5.9999.3511 Stack Overflow

Mon, 06/30/2014 - 18:33
Spark Browser version 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash from stack exhaustion, not a stack buffer overflow) via nested calls to the window.print JavaScript function.

IBM Algorithmics RICOS Disclosure / XSS / CSRF

Mon, 06/30/2014 - 18:02
IBM Algorithmics RICOS versions 4.5.0 through 4.7.0 suffer from cross site scripting, cross site request forgery, information disclosure, data manipulation, broken encryption, and various other vulnerabilities.

Gitlist 0.4.0 Remote Code Execution

Mon, 06/30/2014 - 17:22
Gitlist versions 0.4.0 and below suffer from a remote code execution vulnerability.

WordPress Theme My Login 6.3.9 Local File Inclusion

Mon, 06/30/2014 - 12:32
WordPress Theme My Login plugin version 6.3.9 suffers from a local file inclusion vulnerability that exposes arbitrary files and could facilitate arbitrary code execution.