Latest Exploits

Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

Dell SonicWALL Secure Mobile Access SMA 8.1 CSRF / XSS

Fri, 12/30/2016 - 10:40
Dell SonicWALL Secure Mobile Access SMA version 8.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
Categories: Security

Dell SonicWALL Network Security Appliance NSA 6600 XSS

Fri, 12/30/2016 - 10:38
Dell SonicWALL Network Security Appliance NSA 6600 suffers from a reflective cross site scripting vulnerability. Versions affected include NSA 6600 running SonicOS Enhanced 6.2.4.3-31n, WXA 4000 running 1.3.2.0-07, and SafeMode 6.1.0.11.
Categories: Security

Dell SonicWALL Global Management System GMS 8.1 Adobe Flex SOP Bypass

Fri, 12/30/2016 - 10:37
Dell SonicWALL GMS versions 8.1 and below are compiled with a vulnerable version of Adobe Flex SDK allowing for same-origin request forgery and cross-site content hijacking.
Categories: Security

Dell SonicWALL Global Management System GMS 8.1 Cross Site Scripting

Fri, 12/30/2016 - 10:36
Dell SonicWALL Global Management System GMS version 8.1 suffers from multiple cross site scripting vulnerabilities.
Categories: Security

Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection

Fri, 12/30/2016 - 10:35
Dell SonicWALL Global Management System GMS version 8.1 suffers from multiple blind SQL injection vulnerabilities.
Categories: Security

WordPress Templatic 2.3.6 File Upload

Fri, 12/30/2016 - 00:55
WordPress Templatic plugin versions 2.3.6 and below suffer from a remote file upload vulnerability.
Categories: Security

SwiftMailer Remote Code Execution

Thu, 12/29/2016 - 12:39
SwiftMailer versions prior to 5.4.5-DEV suffer from a remote code execution vulnerability.
Categories: Security

Joomla aWeb Cart Watching System For Virtuemart 2.6.0 SQL Injection

Thu, 12/29/2016 - 12:37
Joomla aWeb Cart Watching System for Virtuemart component version 2.6.0 suffers from a remote SQL injection vulnerability.
Categories: Security

PHPMailer Remote Code Execution

Thu, 12/29/2016 - 05:11
Remote code execution exploit for PHPMailer versions prior to 5.2.18. Written in Python.
Categories: Security

WordPress Simply Poll 1.4.1 SQL Injection

Wed, 12/28/2016 - 10:55
WordPress Simply Poll plugin version 1.4.1 suffers from a remote SQL injection vulnerability.
Categories: Security

PHPMailer Remote Code Execution

Wed, 12/28/2016 - 10:50
Zero day remote code execution exploit for PHPMailer versions prior to 5.2.20. This bypasses the CVE-2016-10033 patch.
Categories: Security

Popcorn Time 5.6 DLL Hijacking

Wed, 12/28/2016 - 08:13
Popcorn Time version 5.6 suffers from a DLL hijacking vulnerability.
Categories: Security

WordPress Image Slider 1.1.41 / 1.1.89 Arbitrary File Deletion

Tue, 12/27/2016 - 11:40
WordPress Image Slider plugin versions 1.1.41 and 1.1.89 suffer from an arbitrary file deletion vulnerability.
Categories: Security

PHPMailer 5.2.17 Remote Code Execution

Tue, 12/27/2016 - 11:38
PHPMailer versions prior to 5.2.18 suffer from a remote code execution vulnerability. This archive consists of the full advisory and also the proof of concept code.
Categories: Security

PHPMailer 5.2.17 Remote Code Execution

Mon, 12/26/2016 - 16:09
PHPMailer version 5.2.17 suffers from a remote code execution vulnerability.
Categories: Security

Wampserver 3.0.6 Privilege Escalation

Mon, 12/26/2016 - 16:07
Wampserver version 3.0.6 suffers from an insecure file permissions privilege escalation vulnerability.
Categories: Security

Joomla! Blog Calendar SQL Injection

Mon, 12/26/2016 - 16:06
Joomla! Blog Calendar versions prior to 1.2.5 suffer from a remote SQL injection vulnerability.
Categories: Security

Android get_user/put_user Exploit

Mon, 12/26/2016 - 09:04
This Metasploit module exploits a missing check in the get_user and put_user API functions in the Linux kernel before 3.5.5. The missing checks on these functions allow an unprivileged user to read and write kernel memory. This exploit first reads the kernel memory to identify the commit_creds and ptmx_fops addresses, then uses the write primitive to execute shellcode as uid 0. The exploit was first discovered in the wild in the vroot rooting application.
Categories: Security

FTPShell Server 6.36 Denial Of Service

Sun, 12/25/2016 - 23:44
FTPShell Server version 6.36 suffers from a .csv local denial of service vulnerability.
Categories: Security

XAMPP Control Panel Denial Of Service

Sat, 12/24/2016 - 12:09
XAMPP Control Panel suffers from a denial of service vulnerability.
Categories: Security