This archive contains all of the 146 exploits added to Packet Storm in February, 2015.
fe470aa6494680f0b9f1494501103139ce6bb81434637f768cd7218e7acd9df9
Loxone Smart Home versions prior to 6.3 suffer from cross site request forgery, cross site scripting, poor credential handling, unencrypted transport, denial of service, and various other vulnerabilities.
02c29ae33d4acb1828256438a75351814733be4ec3b4087cf344e27f99e97071
HelpDezk version 1.0.1 suffers from remote shell upload, code execution, and information disclosure vulnerabilities.
f8dc19ca4275500ad5087257d6ee2e04da4f47a00bc656afdf5a489a70d25fd0
Tcl versions 1.0.0 through 1.16 suffer from a cross site scripting vulnerability.
730a7bdc810f6661614e8c85a4d349f300753b320e0c094481b7623cf1db1ed1
WordPress Media Cleaner plugin version 2.2.6 suffers from a cross site scripting vulnerability.
d6d74a75a7b2750fa09fb305d04f9190b5b35d816ed0e17bd581dad5ccd3abf6
Electronic Arts Origin Client version 9.5.5 suffers from multiple privilege escalation vulnerabilities.
bdc4deb08d63ed9cd53fd413b95ebd3ad366bfd82c36adf13589b24c4c2719be
Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected. Proof of concept code included.
17f918c6ed7be55415f6475ca5befcbf2d795848bb2960612e998e54f15479d5
Wireless File Transfer Pro Android suffers from a cross site request forgery vulnerability.
f709cfd1847fd656f23afa2f5a198b95fcf11abe5bc5307c2b3e6986922ffa41
Data Source: Scopus CMS suffers from a remote SQL injection vulnerability.
b800f8c298aac054e854e7dff0260d6929a4378ec6d5bbeb141735b6bb249cb1
DSS TFTP version 1.0 suffers from a path traversal vulnerability.
1659f811ad0d86f14519c3c5d8b7cf5d0467eaa4dfccab458a7219f5b85406ad
Multiple D-Link and TRENDnet devices suffer from cross site request forgery and unauthenticated access vulnerabilities. Various proofs of concept included.
d86bc02a0870f2b702d8d6cfe716a8d3945f7125fd82903e1ad431ce4f504b42
Collabtive version 2.0 suffers from a stored cross site scripting vulnerability.
51dbb48d16f19915093f913e78a13762366a085517ff044dcbe854adf5fca212
Akeneo PIM suffers from a cross site scripting vulnerability.
040796ea07e3e0dd0e31046f63c7e45cef6b91156f100b03958457fd5300859d
eFront Learning version 3.6.11 suffers from a stored cross site scripting vulnerability.
003e810011af79ee652072521748cd4aa32885be460c9e002ccdbf1dd2107972
TangoBB version 1.5.0-A3 suffers from a cross site scripting vulnerability.
f14175c8ce177339644aee54e883870979db753dec8cfea37dfd6eec3d7e585d
Enano CMS version 1.1.8pl1 suffers from a cross site scripting vulnerability.
77dfeefd90af3bf96609dca951ae09bcd4a7461ee0b4f68b894ccb8f1404c368
Cisco Ironport AsyncOS suffers from a cross site scripting vulnerability.
625b938af5a85150b1a3686a1b0c965a9c909143433e02e16ae80a36174e5eb6
Uplay for PC suffers from an elevation of privileges vulnerability that allows a simple user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full) for the 'Users' group, making the entire directory 'Ubisoft Game Launcher' and its files and sub-directories world-writable.
b8335176b54b66e8cbb9f9a3685e9203b083052ec2400eff910c1f08c844eedb
Cisco Ironport AsyncOS suffers from an HTTP header injection vulnerability.
c57f9ad771a935b26f475d6d4926fe8d395da5205e4f888e8087a2c7dc97b1fa
Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.
6de1db17a1a2cda52de24f00a98b3c5ab4bc5bda19395ccb1ab6ba6fee7121db
Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.
b91a029e7d55f1eaea5057b797bcbd5e83fb1e529410c558e0665b49ecab34ea
SEO Toaster E-Commerce version 2.2.0 suffers from a cross site scripting vulnerability.
24bbaf5076666acb1c082a4015e52f5e8aa9a9c44a370c866f118c741c285a66
Various Webgate technologies suffer from multiple buffer overflow vulnerabilities.
6d6a87e39a520ec98120ccff8b68f26b54ef6465769b821e910397fd5a27aa7e
EVO-CMS version 2.1.0 suffers from a cross site request forgery vulnerability.
66e5f8134ad653e12601254b070187c2490a4f4b12edc64f2234aa3bbaa5b11e
This Metasploit module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.
ee5df7dbf0ac4eac44f2ff30e728e5eeff13120951dead86a3ad506611178a0b