This archive contains 169 exploits that were added to Packet Storm in May, 2015.
1e210c49200d2e1019925cd51dce344cb92fb382fa1c82ab9fcc549a1e13df84WordPress XCloner plugin version 3.1.2 suffers from command execution and cross site scripting vulnerabilities.
a4af6fa843195d4c5bda3c72aba2e2027e9a000d41b61387a8c55e49ec7cde05Ektron CMS versions 9.10 SP1 build 9.1.0.184.1.102 and below suffer from a cross site scripting vulnerability.
1f2904a76113f1d8e778535c4e4695511af49f099b8ab84bb1889d528eeecb52WebDrive version 12.2 suffers from a buffer overflow vulnerability.
2cd7ee4b7f9a78baeb63e80645cb1a74880486e267c923bd49e52d9fe614d1caEktron CMS versions 9.10 SP1 build 9.1.0.184.1.114 and below suffer from a cross site request forgery vulnerability.
f8bb1b8f08a6b654a36d0ccde5fda388cd4bfc74c7d60492743f9c6a15ed1cfcDolibarr versions 3.5 and 3.6 suffer from an html injection vulnerability.
9f00b2420b60681ea925cc5da4b190b35ab50e4a25ec8237ea484ea6ff025c54PonyOS versions 3.0 and below VFS privilege escalation exploit.
ef480619bfd3cba06fec4e08ff8068c41ddf33aebf80b9fb5a1574099b479586Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation.
a727354d03f176b35f63aa0ffc5bb38a19701e52b268455eadf7ca7c31e71bffThis Metasploit module exploits a remote buffer overflow vulnerability on several Airties routers. The vulnerability exists in the handling of HTTP queries to the login cgi with long redirect parameters. The vulnerability doesn't require authentication. This Metasploit module has been tested successfully on the AirTies_Air5650v3TT_FW_1.0.2.0.bin firmware with emulation. Other versions such as the Air6372, Air5760, Air5750, Air5650TT, Air5453, Air5444TT, Air5443, Air5442, Air5343, Air5342, Air5341, Air5021 are also reported as vulnerable.
e3284b80df8a49e84fe10eeeefb856090ee5b49ba6f62e629a9763e62071ed9aDifferent D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR
e20ef0dd89ff88caf92c753721ba8454b95e56f6cc1668c930745008c71c7246Flash by design allows local SWF files to read arbitrary local files, but prevents communication with remote servers. By smuggling data through a timing side-channel, this can be circumvented, allowing local SWF files to exfiltrate the contents of arbitrary local files to the internet.
4020cca47ad48bad8205cc27d4fc29cfb9c596aa0ec345c05d58ff93a38af714ESC 8832 suffers from insecure user session handling and generation as well as interception and user management issues.
ca946d1c96a67953dcdbf356af61138199a591b19f2e94b31632830e11113290Sypex Dumper version 2.0.11 suffers from multiple cross site scripting vulnerabilities.
a557a41cc14f0fa4371e88173d14cc9d2536437e1d9f3a70dba00fcae55b4b4bJSPAdmin version 1.1 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
8c8845746909deb94bd650f31176c3002998cc354834cd3fceef8f287bc9ffb3SOHO routers have been found vulnerable to privilege escalation, information disclosure, cross site request forgery, cross site scripting, authentication bypass, denial of service, and various other vulnerabilities.
b2f2c880262864949aed2787d7dbd1a1af58648ac6dc6fce4d75c119ce30c8a3Invision Power Board versions 3.4.7 and below suffer from a remote SQL injection vulnerability.
ccc8d7042208971ccc1a5b517c5d3acce70ae9a88bb02dfb50ca9bb3a7a31ca2Vevocart version 6.1.0 suffers from an open redirection vulnerability.
d7f23912aab51e824ef12b4488419191ca88592fdd7e16d5a9c8952118503303IBM Cognos Business Intelligence Developer version 10.2.1 suffers from an open redirect vulnerability.
28924269aaba0ce326079ba87bd57cf6995c1fd3254a0b20b6537b162200cbc8IBM Lotus Domino versions 8.5.3 and 8.5.4 suffer from a cross site scripting vulnerability.
a9c7b5a6acd2dc98c24765c4697677db50a82e0896a6a5a0880f6bd65e268444Audacity version 2.0.5 suffers from a dll hijacking vulnerability.
cba8abb3947bab007e378419576fafc851657cf694c8e967cbb02fd2cccde97fhwclock on Linux, when setuid, allows for local root-level privilege escalation.
4246d26ca5258f5c8cc8caae6c6deb68ddb424b7c5857ee3b48514365d5cf9e1WordPress Free Counter plugin version 1.1 suffers from a cross site scripting vulnerability.
f8e0c8d2d3d13f1bf63e862b04f0f8b82e0b0a4dd9062e75942953c2659df47eDbNinja Flash version 3.2.6 suffers from multiple cross site scripting vulnerabilities.
951ff7215e594f45a109ecbe7196d97fd3b0526fea1160a0e4f9524253976dceSOPHOS WAF fails to mitigate SQL injection attacks leveraged via JSON.
7c4905fd9d75cb2fe8a2a7130f59acfdaf94e04066de14122ac0d354d465b979WordPress WP Fast Cache plugin version 1.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
ac41aca70c5a88f3a41f984ab0c2e9a4230e3046cb8b4f0c82930a77e26d30c1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed