Packet Storm – Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Openfire 4.4.1 Cross Site Scripting
11 October 2019, 5:35 pmOpenfire version 4.4.1 suffers from multiple cross site scripting vulnerabilities.
SugarCRM 9.0.1 Phar Deserialization
11 October 2019, 3:18 pmSugarCRM versions 9.0.1 and below suffer from multiple phar deserialization vulnerabilities.
SugarCRM 9.0.1 PHP Object Injection
11 October 2019, 3:17 pmSugarCRM versions 9.0.1 and below suffer from multiple php object injection vulnerabilities.
SugarCRM 9.0.1 PHP Code Injection
11 October 2019, 3:14 pmSugarCRM versions 9.0.1 and below suffer from multiple PHP code injection vulnerabilities.
SugarCRM 9.0.1 Path Traversal
11 October 2019, 3:13 pmSugarCRM versions 9.0.1 and below suffer from multiple path traversal vulnerabilities.
Visual Studio Code Remote Debugger Enabled
11 October 2019, 3:11 pmVisual Studio Code enables its remote debugger by default when installed.
SugarCRM 9.0.1 Broken Access Controls
11 October 2019, 3:10 pmSugarCRM versions 9.0.1 and below suffer from multiple broken access control vulnerabilities.
SugarCRM 9.0.1 SQL Injection
11 October 2019, 3:09 pmSugarCRM versions 9.0.1 and below suffer from multiple remote SQL injection vulnerabilities.
SugarCRM 9.0.1 Cross Site Scripting
11 October 2019, 3:07 pmSugarCRM versions 9.0.1 and below suffer from multiple reflective cross site scripting vulnerabilities.
Ajenti Remote Command Execution
11 October 2019, 3:05 pmAjenti suffers from a remote command execution vulnerability.
National Instruments Circuit Design Suite 14.0 Privilege Escalation
11 October 2019, 3:01 pmNational Instruments Circuit Design Suite version 14.0 suffers from a local privilege escalation vulnerability.
Intelbras Router WRN150 1.0.18 Cross Site Scripting
11 October 2019, 3:00 pmIntelbras Router WRN150 version 1.0.18 suffers from a persistent cross site scripting vulnerability.
WordPress Arforms 3.7.1 Directory Traversal
11 October 2019, 2:59 pmWordPress Arforms plugin version 3.7.1 suffers from a directory traversal vulnerability.
MiniShare 1.4.1 CONNECT Remote Buffer Overflow
11 October 2019, 10:22 amMiniShare version 1.4.1 CONNECT remote buffer overflow exploit.
Microsoft Windows Kernel nt!MiRelocateImage Out-Of-Bounds Read
10 October 2019, 3:08 pmThe Microsoft Windows kernel suffers from an out-of-bounds read vulnerability in nt!MiRelocateImage while parsing a malformed PE file.
Microsoft Windows Kernel CI!HashKComputeFirstPageHash Out-Of-Bounds Read
10 October 2019, 3:07 pmThe Microsoft Windows kernel suffers from an out-of-bounds read vulnerability in CI!HashKComputeFirstPageHash while parsing a malformed PE file.
Microsoft Windows Kernel nt!MiParseImageLoadConfig Out-Of-Bounds Read
10 October 2019, 3:06 pmThe Microsoft Windows kernel suffers from an out-of-bounds read in nt!MiParseImageLoadConfig while parsing a malformed PE file.
Microsoft Windows Kernel CI!CipFixImageType Out-Of-Bounds Read
10 October 2019, 3:05 pmThe Microsoft Windows kernel suffers from an out-of-bounds read vulnerability in CI!CipFixImageType while parsing a malformed PE file.
Microsoft Windows Kernel nt!MiOffsetToProtos NULL Pointer Dereference
10 October 2019, 3:01 pmThe Microsoft Windows kernel suffers from a null pointer dereference vulnerability in nt!MiOffsetToProtos while parsing a malformed PE file.
Microsoft Windows Kernel win32k.sys TTF Font Processing win32k!ulClearTypeFilter Pool Corruption
10 October 2019, 2:59 pmMicrosoft Windows Kernel suffers from a TTF font processing win32k!ulClearTypeFilter pool corruption vulnerability in win32k.sys.
SMA Solar Technology AG Sunny WebBox 1.6 Cross Site Request Forgery
10 October 2019, 2:41 pmSMA Solar Technology AG Sunny WebBox device version 1.6 suffers from a cross site request forgery vulnerability.
ASX To MP3 Converter 3.1.3.7 Stack Overflow
10 October 2019, 2:39 pmThis Metasploit module exploits a stack buffer overflow in ASX to MP3 converter 3.1.3.7. By constructing a specially crafted ASX file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode. Tested on: Microsoft Windows 7 Enterprise, 6.1.7601 Service Pack 1 Build 7601, x64-based PC Microsoft Windows 10 Pro, 10.0.18362 N/A Build 18362, x64-based PC.
TP-Link TL-WR1043ND 2 Authentication Bypass
10 October 2019, 2:38 pmTP-Link TL-WR1043ND 2 suffers from an authentication bypass vulnerability.
PBS Professional 19.2.3 Authentication Bypass
9 October 2019, 2:06 pmPBS Professional versions 19.2.3 and below suffer from an authentication bypass vulnerability.
Foscam Video Management System 1.1.6.6 Denial Of Service
9 October 2019, 12:33 pmFoscam Video Management System version 1.1.6.6 denial of service proof of concept exploit.