Expoit Files ≈ Packet Storm

Packet Storm – Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

The NTFS driver supports a new FS control code to set a mount point which the existing sandbox mitigation doesn’t support allowing a sandboxed application to set an arbitrary mount point symbolic link.
Endian Firewall version 3.3.0 suffers from a cross site scripting vulnerability.

Wikindx 5.8.2 SQL Injection

22 August 2019, 7:32 pm

Wikindx version 5.8.2 suffers from a remote SQL injection vulnerability.
Snapforce CRM version 8.3.0 suffers from multiple cross site scripting vulnerabilities.
KBPublisher version 6.0.2.1 suffers from multiple remote SQL injection vulnerabilities.
Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability.
This Metasploit module exploits Pulse Secure SSL VPN versions 8.1R15.1, 8.2, 8.3, and 9.0 which suffer from an arbitrary file disclosure vulnerability.
This Metasploit module generates an ODT file with a dom loaded event that, when triggered, will execute arbitrary python code and the metasploit payload.

Webmin 1.920 Remote Root

20 August 2019, 10:08 pm

Webmin version 1.920 remote root exploit.
CentOS Control Web Panel (CWP) version 0.9.8.851 allows an attacker to change arbitrary passwords.
CentOS Control Web Panel (CWP) version 0.9.8.851 suffers from an arbitrary database dropping vulnerability.
CentOS Control Web Panel (CWP) version 0.9.8.848 suffers from a user enumeration vulnerability.
WordPress Add Mime Types plugin version 2.2.1 suffers from a cross site request forgery vulnerability.
Microsoft Office365 and ProPlus build 16.0.11901.20204 suffers from code execution and protection bypass vulnerabilities.
FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 suffer from a credential disclosure vulnerability.
This Metasploit module exploits FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 to leverage a credential disclosure vulnerability by reading the /dev/cmdb/sslvpn_websession file.

YouPHPTube 7.2 SQL Injection

19 August 2019, 4:46 pm

YouPHPTube version 7.2 suffers from a remote SQL injection vulnerability in userCreate.json.php.
Neo Billing version 3.5 suffers from a persistent cross site scripting vulnerability.

Kimai 2 Cross Site Scripting

19 August 2019, 4:41 pm

Kimai version 2 suffers from a persistent cross site scripting vulnerability.
RAR Password Recovery version 1.80 suffers from a user name and registration code denial of service vulnerability.
Webmin unauthenticated remote command execution exploit that identifies whether or not a target is vulnerable.
Open-Xchange OX App Suite suffers from a content spoofing, cross site scripting, and information disclosure vulnerabilities. Versions affected vary depending on the vulnerability.
Open-Xchange OX Guard versions 7.10.2 and below suffer from a cross site scripting vulnerability. Open-Xchange OX Guard versions 7.10.1 and below, 2.10.2 and below suffer from a signature validation vulnerability.
GNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files.
GetGo Download Manager version 6.2.2.3300 suffers from a denial of service vulnerability.