Latest Exploits

Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Updated: 16 hours 12 min ago

Omeka 2.2 Cross Site Request Forgery / Cross Site Scripting

Thu, 07/17/2014 - 17:43
Omeka version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
Categories: Security

Trixbox XSS / LFI / SQL Injection / Code Execution

Thu, 07/17/2014 - 17:39
Trixbox suffers from cross site scripting, local file inclusion, SQL injection, and remote code execution vulnerabilities.
Categories: Security

OL-Commerce 2.1.1 Cross Site Scripting / SQL Injection

Thu, 07/17/2014 - 17:38
OL-Commerce version 2.1.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
Categories: Security

Bitdefender GravityZone File Disclosure / Missing Authentication

Wed, 07/16/2014 - 17:52
Bitdefender GravityZone versions prior to suffer from local file disclosure, insecure service configuration, and missing authentication vulnerabilities.
Categories: Security

e107 2.0 alpha2 Cross Site Scripting

Wed, 07/16/2014 - 17:48
e107 version 2.0 alpha2 suffers from a reflective cross site scripting vulnerability.
Categories: Security

Citrix Netscaler Disclosure / Cross Site Scripting

Wed, 07/16/2014 - 17:42
Citrix NetScaler Application Delivery Controller and Citrix NetScaler Gateway are susceptible to cookie disclosure and reflective cross site scripting vulnerabilities.
Categories: Security

Alfresco Community Edition 4.2.f Server Side Request Forgery

Wed, 07/16/2014 - 17:29
Alfresco Community Edition versions 4.2.f and below suffer from multiple server side request forgery vulnerabilities.
Categories: Security

Joomla Youtube Gallery 4.1.7 SQL Injection

Wed, 07/16/2014 - 17:23
Joomla Youtube Gallery component version 4.1.7 suffers from a remote SQL injection vulnerability.
Categories: Security

Concrete REFERER Cross Site Scripting

Wed, 07/16/2014 - 17:23
Concrete version suffers from a REFERER header-based cross site scripting vulnerability.
Categories: Security

Open Web Analytics 1.5.7 Cross Site Scripting / Remote File Inclusion

Wed, 07/16/2014 - 17:20
Open Web Analytics version 1.5.7 suffers from cross site scripting and remote file inclusion vulnerabilities.
Categories: Security

NTP Amplification Denial Of Service Tool

Wed, 07/16/2014 - 15:22
Proof of concept code to exploit an NTP amplification attack. Written in Python.
Categories: Security

Boat Browser 8.0 / 8.0.1 Remote Code Execution

Wed, 07/16/2014 - 08:33
Boat Browser versions 8.0 and 8.0.1 suffer from a remote code execution vulnerability.
Categories: Security

WordPress WPTouch Authenticated File Upload

Tue, 07/15/2014 - 13:33
The WordPress WPTouch plugin contains an authenticated file upload vulnerability. A wp-nonce (CSRF token) is created on the backend index page, and the same token is used when handling AJAX file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to the upload folder. Because the plugin also uses its own file upload mechanism instead of the WordPress API, it's possible to upload any file type. The user provided does not need special rights. Users with the "Contributor" role can also be abused.
Categories: Security

Browserify 4.2.0 Remote Command Execution

Tue, 07/15/2014 - 12:22
Browserify versions 4.2.0 and below suffer from a remote command execution vulnerability.
Categories: Security

Oracle VirtualBox Guest Additions Arbitrary Write Privilege Escalation

Tue, 07/15/2014 - 11:22
A vulnerability within the VBoxGuest module allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile. Oracle VirtualBox Guest Additions versions 4.3.8 through 4.3.10 are affected.
Categories: Security

OctavoCMS Admin Panel Cross Site Scripting

Tue, 07/15/2014 - 06:11
OctavoCMS suffers from cross site scripting vulnerabilities in its administrative panel functionality.
Categories: Security

HP Data Protection Manager 8.10 Remote Command Execution

Tue, 07/15/2014 - 05:22
HP Data Protection Manager version 8.10 suffers from a remote command execution vulnerability.
Categories: Security

Elipse E3 Scada PLC Denial Of Service

Mon, 07/14/2014 - 23:44
Flooding an Elipse E3 Scada PLC with HTTP requests triggers a denial of service condition.
Categories: Security

Sqlbuddy 1.3.2 / 1.3.3 Cross Site Scripting

Mon, 07/14/2014 - 18:57
Sqlbuddy versions 1.3.2 and 1.3.3 suffer from a reflective cross site scripting vulnerability.
Categories: Security

OpenCart PHP Object Injection

Mon, 07/14/2014 - 18:02
OpenCart versions and below suffer from a PHP object injection vulnerability.
Categories: Security