Latest Exploits

Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

PHPFox 3.7.5 Authorization Bypass

Sat, 04/05/2014 - 12:02
PHPFox versions 3.7.3, 3.7.4, and 3.7.5 suffer from an authorization bypass vulnerability.
Categories: Security

JIRA Issues Collector Directory Traversal

Fri, 04/04/2014 - 22:12
This Metasploit module exploits a directory traversal flaw in JIRA 6.0.3. The vulnerability exists in the issues collector code, while handling attachments provided by the user. It can be exploited in Windows environments to get remote code execution. This Metasploit module has been tested successfully on JIRA 6.0.3 with Windows 2003 SP2 Server.
Categories: Security

Linksys E-Series TheMoon Remote Command Injection

Fri, 04/04/2014 - 22:11
Some Linksys E-Series routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used by the so-called "TheMoon" worm. There are many Linksys systems that might be vulnerable, including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This Metasploit module was tested successfully against an E1500 v1.0.5.
Categories: Security

ASUS RT-AC68U Cross Site Scripting

Fri, 04/04/2014 - 17:22
ASUS RT-AC68U web management interface suffers from a reflective cross site scripting vulnerability.
Categories: Security

ASUS RT-AC68U Remote Command Execution

Fri, 04/04/2014 - 15:22
ASUS RT-AC68U web management interface suffers from a remote command execution vulnerability.
Categories: Security

Google Voice Private/Unknown Number Disclosure

Fri, 04/04/2014 - 12:22
Google Voice discloses private and unknown numbers that have called you through its search functionality. This exploit helps perform a brute force attack against your contact list.
Categories: Security

NCCGroup EasyDA Credential Disclosure

Fri, 04/04/2014 - 04:22
NCCGroup EasyDA suffers from a credential disclosure vulnerability due to misuse of /tmp.
Categories: Security

Private Photo+Video 1.1 Pro Cross Site Scripting

Thu, 04/03/2014 - 12:22
Private Photo+Video version 1.1 Pro for iOS suffers from a persistent cross site scripting vulnerability.
Categories: Security

MA Lighting Technology grandMA onPC 6.808 Denial Of Service

Thu, 04/03/2014 - 11:02
MA Lighting Technology grandMA onPC version 6.808 is exposed to a remote denial of service issue when processing socket connection negotiation. This issue occurs when the application handles a single malformed packet over TCP port 7003, resulting in a crash.
Categories: Security

FortiADC 3.2 Cross Site Scripting

Thu, 04/03/2014 - 10:33
FortiADC version 3.2 suffers from a cross site scripting vulnerability.
Categories: Security

ibstat $PATH Privilege Escalation

Thu, 04/03/2014 - 08:03
This Metasploit module exploits the trusted $PATH environment variable of the SUID binary "ibstat".
Categories: Security

Oracle Identity Manager 11g R2 SP1 Unvalidated Redirect

Thu, 04/03/2014 - 06:11
Oracle Identity Manager version 11g R2 SP1 (11.1.2.1.0) suffers from an unvalidated redirect vulnerability.
Categories: Security

WordPress XCloner 3.1.0 Cross Site Request Forgery

Wed, 04/02/2014 - 18:02
WordPress XCloner plugin version 3.1.0 suffers from a cross site request forgery vulnerability.
Categories: Security

MobileIron VSP / Sentry Authentication Bypass

Wed, 04/02/2014 - 12:22
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 suffer from password obfuscation and XPath injection vulnerabilities.
Categories: Security

Drupal 7.26 Custom Search 7.x-1.13 Cross Site Scripting

Wed, 04/02/2014 - 11:02
Drupal Custom Search module version 7.x-1.13 suffers from a cross site scripting vulnerability.
Categories: Security

iShare Your Moving Library 1.0 LFI / File Upload

Wed, 04/02/2014 - 07:02
iShare Your Moving Library version 1.0 for iOS suffers from local file inclusion and remote file upload vulnerabilities.
Categories: Security

A10 Networks ACOS 2.7.0-P2 Buffer Overflow

Wed, 04/02/2014 - 05:11
A10 Networks ACOS version 2.7.0-P2 suffers from a buffer overflow vulnerability.
Categories: Security

Kyocera FS5250 Cross Site Scripting

Wed, 04/02/2014 - 05:02
The Kyocera FS5250 printer suffers from a cross site scripting vulnerability.
Categories: Security

ICOMM 610 Wireless Modem Cross Site Request Forgery

Wed, 04/02/2014 - 04:22
ICOMM 610 wireless modem suffers from a cross site request forgery vulnerability.
Categories: Security

Packet Storm New Exploits For March, 2014

Tue, 04/01/2014 - 18:44
This archive contains all of the 220 exploits added to Packet Storm in March, 2014.
Categories: Security