Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
PHPFox versions 3.7.3, 3.7.4, and 3.7.5 suffer from an authorization bypass vulnerability.
This Metasploit module exploits a directory traversal flaw in JIRA 6.0.3. The vulnerability exists in the issues collector code, while handling attachments provided by the user. It can be exploited in Windows environments to get remote code execution. This Metasploit module has been tested successfully on JIRA 6.0.3 with Windows 2003 SP2 Server.
Some Linksys E-Series routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used by the so-called "TheMoon" worm. There are many Linksys systems that might be vulnerable, including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. This Metasploit module was tested successfully against an E1500 v1.0.5.
ASUS RT-AC68U web management interface suffers from a reflective cross site scripting vulnerability.
ASUS RT-AC68U web management interface suffers from a remote command execution vulnerability.
Google Voice discloses private and unknown numbers that have called you through its search functionality. This exploit helps perform a brute force attack against your contact list.
NCCGroup EasyDA suffers from a credential disclosure vulnerability due to misuse of /tmp.
Private Photo+Video version 1.1 Pro for iOS suffers from a persistent cross site scripting vulnerability.
MA Lighting Technology grandMA onPC version 6.808 is exposed to a remote denial of service issue when processing socket connection negotiation. This issue occurs when the application handles a single malformed packet over TCP port 7003, resulting in a crash.
FortiADC version 3.2 suffers from a cross site scripting vulnerability.
This Metasploit module exploits the trusted $PATH environment variable of the SUID binary "ibstat".
Oracle Identity Manager version 11g R2 SP1 (184.108.40.206.0) suffers from an unvalidated redirect vulnerability.
WordPress XCloner plugin version 3.1.0 suffers from a cross site request forgery vulnerability.
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 suffer from password obfuscation and XPath injection vulnerabilities.
Drupal Custom Search module version 7.x-1.13 suffers from a cross site scripting vulnerability.
iShare Your Moving Library version 1.0 for iOS suffers from local file inclusion and remote file upload vulnerabilities.
A10 Networks ACOS version 2.7.0-P2 suffers from a buffer overflow vulnerability.
The Kyocera FS5250 printer suffers from a cross site scripting vulnerability.
ICOMM 610 wireless modem suffers from a cross site request forgery vulnerability.
This archive contains all of the 220 exploits added to Packet Storm in March, 2014.