This archive contains all of the 225 exploits added to Packet Storm in November, 2012.
e53bdc46e1d537d309a6c1b480219705cd6afc3f323fe17fc1150b4cdbf27d95This Metasploit module exploits a vulnerability found in BlazeVideo HDTV Player's filename handling routine. When supplying a string of input data embedded in a .plf file, the MediaPlayerCtrl.dll component will try to extract a filename by using PathFindFileNameA(), and then copies whatever the return value is on the stack by using an inline strcpy. As a result, if this input data is long enough, it can cause a stack-based buffer overflow, which may lead to arbitrary code execution under the context of the user.
ab34370a5debea1b2a8db24c582834304ee72c0e5a992dbbbcfedc31867011f6Axis Commerce version 0.8.7.2 suffers from multiple stored cross site scripting vulnerabilities.
5b98c30892bfc1275681ae20caf39f5a066c85801cedca3fd96ad0fd88b04a10SysAid Helpdesk version 8.5 Pro suffers from multiple remote blind SQL injection vulnerabilities.
6b32da064f8d6d2d434491a60fd914b8e9cf99d9ceab79f915c421782d761761Squiz CMS version 11654 suffers from a directory traversal vulnerability.
9aad92b935f5ad7c893786de544430c0d9cb211b6cbbaed9edeef9c1a0e15cceNagios XI Network Monitor version 2011R1.9 suffers from a remote blind SQL injection vulnerability.
2cf56eed695230c853b7b3b4f90eb894c8c6fc9ed6af1f23249a37152923da76Nagios XI Network Monitor version 2011R1.9 suffers from OS command injection vulnerabilities.
cefe812c8837b8e434b4ea93fe2c8a19e990a7fdd85084570601625036f225c8Oracle Gridengine's sgepasswd suffers from a buffer overflow vulnerability.
27c545a1cda033f55904dc6058b6be0f7c4252cea190bf6782a8be65bf19b66dDataArmor and DriveArmor versions prior to 3.0.12.861 suffer from restricted environment breakout, privilege escalation, and full disk decryption vulnerabilities.
0fc5ee98ad7150597b23a730a459a04feb859a6daba3aacc92a056f31d04b665jsupload.cgi.pl versions 0.6.4 and below suffer from a directory traversal vulnerability.
ccd62aaa39befe158eac096c007c49a7c571779c421b3de5eb034f9c0b7abff3PayPal suffered from a persistent cross site scripting vulnerability.
2410978fe3d394fded3f60d02efa3b9655e8eff8e42012acccdeb9c375cab246SilverStripe version 3.0.2 suffers from cross site request forgery and cross site scripting vulnerabilities.
5cb762b339a330f6095d9df36320aed93b37bcf830588eaba27f260b27da40fbOracle OpenSSO version 8.0 suffers from multiple cross site scripting vulnerabilities.
8c808e048c19a6a159ab6b29c16212a38f35d663f13ecf875b211ee928233412WordPress Video Lead Form plugin version 0.5 suffers from a cross site scripting vulnerability.
6399d89e41c6f18b870131becc911b8866326d09c8fdc61c3e45091324d5ae69Oracle Exadata leaf switches come configured with easily guessable passwords and a shadow file that is world-readable.
4656654c3f194537f44fd57130e17703524ad55c4635083060dae1b01824ac10BigDump version 0.32b suffers from cross site scripting, arbitrary file upload, and remote SQL injection vulnerabilities.
bc23c90c044ff4efc633cbcc3f27e340bad38ad3a444213bde86d3e4702abab0UMPlayer Portable version 0.95 crash proof of concept denial of service exploit.
645f405d6e5613e5ffaa01bd0c557e04533bc8bd28c446fcee2412fd2ffbdf56Agilebits 1Password version 3.9.9 suffers from a cross site scripting vulnerability in the troubleshooting reporting system.
71744dd1e2e3fc6192bf9157fb70fc21a07956fc2047e6e02439c2ae46385835Elastix version 2.3.0 suffers from a cross site scripting vulnerability.
1169ee193f94dedd59c9fe5880f39264785ad1850a53caa434d5b07ce5fb358aMODx versions 1.0.6 and below suffer from cross site request forgery, abuse of functionality, and denial of service vulnerabilities.
06e2431993e324f2e749b37a6e7c7e00a479836f6dfc847e0cea7aa9db329961BigDump version 0.29b suffers from arbitrary file upload and remote SQL injection vulnerabilities.
7f2a9f83ce7267074bd1e978a6656843e20681fe40e2a65f46e42520bcc2a69eSites created by Seventeen Design suffer from cross site scripting and remote SQL injection vulnerabilities. Note that these findings house site-specific data.
6e024ff910a500b76d6e98d594d24f0970043c4043af514d8873b64e06e7d328Sites developed by Espacio Ecuador suffer from cross site scripting and remote SQL injection vulnerabilities. Note that these findings house site-specific data.
22828edf67f35b77d1f498612cba632ea2ac891ab9f69bfcab423f6c9f593603This Metasploit module checks the AlwaysInstallElevated registry keys which dictate if .MSI files should be installed with elevated privileges (NT AUTHORITY\SYSTEM). The default MSI file is data/exploits/exec_payload.msi with the WiX source file under external/source/exploits/exec_payload_msi/exec_payload.wxs. This MSI simply executes payload.exe within the same folder. The MSI may not execute successfully successive times, but may be able to get around this by regenerating the MSI. MSI can be rebuilt from the source using the WIX tool with the following commands: candle exec_payload.wxs light exec_payload.wixobj.
c7e98f972baf436cdfffebb9e430a37c5fe6f420bfd185f513efaf7d19a631e2This Metasploit module exploits a buffer overflow in Apple QuickTime 7.7.2. The stack based overflow occurs when processing a malformed Content-Type header. The module has been tested successfully on Safari 5.1.7 and 5.0.7 on Windows XP SP3.
10b7f159e2f92d30b2c07941abb1e4f934539758916904fa7372f9e7afa29641
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed