Latest Exploits

Syndicate content Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Updated: 11 hours 26 min ago

ClassAd 3.0 SQL Injection

Tue, 12/09/2014 - 15:32
ClassAd version 3.0 suffers from a remote SQL injection vulnerability.
Categories: Security

espn.go.com Cross Site Scripting / Open Redirect

Tue, 12/09/2014 - 15:32
espn.go.com suffers from cross site scripting and open redirection vulnerabilities.
Categories: Security

Concrete5 CMS 5.7.2 / 5.7.2.1 Cross Site Scripting

Tue, 12/09/2014 - 15:32
Concrete5 CMS versions 5.7.2 and 5.7.2.1 suffer from multiple reflective cross site scripting vulnerabilities.
Categories: Security

PingFederate 6.10.1 SP Endpoints Open Redirect

Tue, 12/09/2014 - 09:04
PingFederate 6.10.1 SP Endpoints suffers from an insecure open redirection vulnerability.
Categories: Security

Keurig 2.0 Authentication Bypass

Tue, 12/09/2014 - 05:32
There's a simple hardware hack to fool the sensor so that you can use any K-Cup on a Keurig 2.0 machine. It is pretty obvious, but having seen this written up, it had to be posted.
Categories: Security

IceHrm 7.1 LFI / CSRF / XSS / Shell Upload

Mon, 12/08/2014 - 13:17
IceHrm versions 7.1 and below suffer from cross site request forgery, cross site scripting, local file inclusion, and code execution via remote shell upload vulnerabilities.
Categories: Security

Flat Calendar 1.1 HTML Injection

Sun, 12/07/2014 - 23:44
Flat Calendar version 1.1 suffers from an unauthenticated html injection vulnerability that allows for cross site scripting attacks.
Categories: Security

get3.adobe.com Cross Site Scripting

Sun, 12/07/2014 - 23:44
Adobe's get3.adobe.com site suffered from a reflective cross site scripting vulnerability.
Categories: Security

PBBoard CMS Cross Site Scripting

Sun, 12/07/2014 - 22:44
PBBoard CMS suffers from a persistent cross site scripting vulnerability.
Categories: Security

WordPress Ajax Store Locator 1.2 Arbitrary File Download

Sun, 12/07/2014 - 12:22
WordPress Ajax Store Locator plugin version 1.2 suffers from an arbitrary file download vulnerability.
Categories: Security

CMS Made Simple Install SQL Injection Command Execution

Sun, 12/07/2014 - 04:33
CMS Made Simple can have its install functionality leveraged to insert a malicious SQL statement that allows for command execution pass through.
Categories: Security

Douran Portal Cross Site Scripting

Sat, 12/06/2014 - 22:33
Douran Portal suffers from a cross site scripting vulnerability in Slider.ashx. Note that this finding houses site-specific data.
Categories: Security

Coinbase User Enumeration

Sat, 12/06/2014 - 09:33
Coinbase suffers from a user enumeration vulnerability that can also allow for email disclosure. Proof of concept code included.
Categories: Security

NASA Orion (Mars) Filter Bypass / Persistent Cross Site Scripting

Fri, 12/05/2014 - 13:24
The NASA Orion (Mars) website suffers from filter bypass and persistent cross site scripting vulnerabilities.
Categories: Security

OpenEMR 4.1.2(7) SQL Injection

Fri, 12/05/2014 - 10:23
OpenEMR versions 4.1.2(7) and below suffer from multiple remote SQL injection vulnerabilities.
Categories: Security

Packet Storm Exploit 2014-1204-1 - Offset2lib: Bypassing Full ASLR On 64bit Linux

Thu, 12/04/2014 - 20:01
Proof of concept code that demonstrates an ASLR bypass of PIE compiled 64bit Linux.
Categories: Security

PBBoard CMS SQL Injection

Thu, 12/04/2014 - 18:29
PBBoard CMS version 3.0.1 (updated on 13/09/2014) and below suffer from multiple remote SQL injection vulnerabilities.
Categories: Security

Advertise With Pleasure! (AWP) 6.6 SQL Injection

Thu, 12/04/2014 - 05:32
Advertise With Pleasure! (AWP) versions 6.6 and below suffer from a remote SQL injection vulnerability.
Categories: Security

Cart66 Lite WordPress Ecommerce 1.5.1.17 SQL Injection

Wed, 12/03/2014 - 22:33
Cart66 Lite WordPress Ecommerce version 1.5.1.17 suffers from a remote blind SQL injection vulnerability.
Categories: Security

Google Document Embedder 2.5.16 SQL Injection

Wed, 12/03/2014 - 19:44
Google Document Embedder version 2.5.16 suffers from a mysql_real_escape_string bypass SQL injection vulnerability.
Categories: Security