This Metasploit module exploits a vulnerability found in QuickShare File Share's FTP service. By supplying "../" in the file path, it is possible to trigger a directory traversal flaw, allowing the attacker to read a file outside the virtual directory. By default, the "Writable" option is enabled during account creation, therefore this makes it possible to create a file at an arbitrary location, which leads to remote code execution.
f232667933a9b74318156ffe27e5e96cb2ePMS version 1.0 suffers from multiple remote SQL injection vulnerabilities.
42298de74f5e382122bf6d9b2440ee81WhyWeb suffers from a remote SQL injection vulnerability.
6d3ab7b3f1457ff72887080dd37aad19Santilga CMS version 1.2.6.3 suffers from cross site request forgery and remote SQL injection vulnerabilities.
faf336b3a1b026bfc8e870b2405b19a6AzDGDatingMedium version 1.9.3 suffers from cross site request forgery, cross site scripting, php code execution, remote SQL injection, and directory traversal vulnerabilities.
6962b986c26730e365d1c16552cababaiOS versions 5.1.1 and below Safari Browser JS match(), search() crash proof of concept exploit.
4c3d65eecf219e11043dc54dccc454f8PHP List version 2.10.9 suffers from a remote PHP code injection vulnerability.
0242d7481f2a7870b00218bc4efd3a7dSmall CMS suffers from a remote PHP code injection vulnerability.
cc559ce5b66ce07d448792573d28d86dSymantec Web Gateway version 5.0.2 remote local file inclusion root exploit.
e1cd70ed9ddc7db0a7bc45a9ac537159Gekko CMS appears to suffer from a file disclosure vulnerability.
fc10d007f192d991f48cc9832fb49312This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution.
8dc19f398388284a81cf2ecae5005436This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.
d5c7b728cc34e438d56471e6fbda49bdResEdit version 1.5.11-win32 suffers from a buffer overflow. Proof of concept denial of service exploits included.
6f23782d3add86957f122b199a5849ecThis Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.
c93d65487a1c0efc12fc9a8a68adc5dbLogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.
2427d2cf98e92db38be0f21c58da1065Pligg CMS version 1.2.1 suffers from cross site scripting and local file inclusion vulnerabilities.
7b79d17eacb9df80bafc88ab8fbbdabcpragmaMx version 1.12.1 suffers from a cross site scripting vulnerability.
5433c6278bfe6b6212f911b0a46eda42DynPage version 1.0 suffers from cross site request forgery and shell upload vulnerabilities.
476adc1bf90918f7ad3741caca2d770eSocial Engine version 4.2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
46affb7ec997a27515c12a50d78d65f6Wireshark versions 1.4.0 through 1.4.12 and 1.6.0 through 1.6.7 suffer from a DIAMETER dissector denial of service vulnerability.
d94ce6017c8d48224a7a09c0a77c7c0eWireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from multiple dissector related denial of service vulnerabilities.
b69533c3c9d8a81ed6f166ce32f3088dWireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from a misaligned memory denial of service vulnerability.
e44a652926a9f450c49f6ecbc1a0cd3cJaow versions 2.4.5 and below suffer from a remote blind SQL injection vulnerability.
6e6b513afde6050a95045e553840c8c1bsnes version 0.87 suffers from a denial of service vulnerability.
e1b422d8ffa4c0e558e83d2d33d761f7This Metasploit module exploits a vulnerability in OpenOffice 2.3.1 and 2.3.0 on Microsoft Windows XP SP3. By supplying a OLE file with a malformed DocumentSummaryInformation stream, an attacker can gain control of the execution flow, which results arbitrary code execution under the context of the user.
c768b9282de90ed20180d7ae12452941
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed