Packet Storm – Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Microsoft Windows SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
22 August 2019, 11:02 pmThe NTFS driver supports a new FS control code to set a mount point which the existing sandbox mitigation doesn’t support allowing a sandboxed application to set an arbitrary mount point symbolic link.
Endian Firewall 3.3.0 Cross Site Scripting
22 August 2019, 8:33 pmEndian Firewall version 3.3.0 suffers from a cross site scripting vulnerability.
Wikindx 5.8.2 SQL Injection
22 August 2019, 7:32 pmWikindx version 5.8.2 suffers from a remote SQL injection vulnerability.
Snapforce CRM 8.3.0 Cross Site Scripting
22 August 2019, 7:22 pmSnapforce CRM version 8.3.0 suffers from multiple cross site scripting vulnerabilities.
KBPublisher 6.0.2.1 SQL Injection
21 August 2019, 8:01 pmKBPublisher version 6.0.2.1 suffers from multiple remote SQL injection vulnerabilities.
Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure
21 August 2019, 7:58 pmZoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability.
Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure
21 August 2019, 7:38 pmThis Metasploit module exploits Pulse Secure SSL VPN versions 8.1R15.1, 8.2, 8.3, and 9.0 which suffer from an arbitrary file disclosure vulnerability.
LibreOffice Macro Python Code Execution
20 August 2019, 10:37 pmThis Metasploit module generates an ODT file with a dom loaded event that, when triggered, will execute arbitrary python code and the metasploit payload.
Webmin 1.920 Remote Root
20 August 2019, 10:08 pmWebmin version 1.920 remote root exploit.
CentOS Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change
20 August 2019, 10:06 pmCentOS Control Web Panel (CWP) version 0.9.8.851 allows an attacker to change arbitrary passwords.
CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop
20 August 2019, 10:05 pmCentOS Control Web Panel (CWP) version 0.9.8.851 suffers from an arbitrary database dropping vulnerability.
CentOS Control Web Panel (CWP) 0.9.8.848 User Enumeration
20 August 2019, 10:02 pmCentOS Control Web Panel (CWP) version 0.9.8.848 suffers from a user enumeration vulnerability.
WordPress Add Mime Types 2.2.1 Cross Site Request Forgery
20 August 2019, 6:22 pmWordPress Add Mime Types plugin version 2.2.1 suffers from a cross site request forgery vulnerability.
Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass
20 August 2019, 2:44 pmMicrosoft Office365 and ProPlus build 16.0.11901.20204 suffers from code execution and protection bypass vulnerabilities.
FortiOS 5.6.7 / 6.0.4 Credential Disclosure
19 August 2019, 4:51 pmFortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 suffer from a credential disclosure vulnerability.
FortiOS 5.6.7 / 6.0.4 Credential Disclosure
19 August 2019, 4:48 pmThis Metasploit module exploits FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 to leverage a credential disclosure vulnerability by reading the /dev/cmdb/sslvpn_websession file.
YouPHPTube 7.2 SQL Injection
19 August 2019, 4:46 pmYouPHPTube version 7.2 suffers from a remote SQL injection vulnerability in userCreate.json.php.
Neo Billing 3.5 Cross Site Scripting
19 August 2019, 4:42 pmNeo Billing version 3.5 suffers from a persistent cross site scripting vulnerability.
Kimai 2 Cross Site Scripting
19 August 2019, 4:41 pmKimai version 2 suffers from a persistent cross site scripting vulnerability.
RAR Password Recovery 1.80 Denial Of Service
19 August 2019, 4:40 pmRAR Password Recovery version 1.80 suffers from a user name and registration code denial of service vulnerability.
Webmin 1.920 Remote Command Execution
19 August 2019, 3:11 pmWebmin unauthenticated remote command execution exploit that identifies whether or not a target is vulnerable.
Open-Xchange OX App Suite Content Spoofing / Cross Site Scripting
16 August 2019, 9:17 pmOpen-Xchange OX App Suite suffers from a content spoofing, cross site scripting, and information disclosure vulnerabilities. Versions affected vary depending on the vulnerability.
Open-Xchange OX Guard Cross Site Scripting / Signature Validation
16 August 2019, 9:12 pmOpen-Xchange OX Guard versions 7.10.2 and below suffer from a cross site scripting vulnerability. Open-Xchange OX Guard versions 7.10.1 and below, 2.10.2 and below suffer from a signature validation vulnerability.
GNU patch Command Injection / Directory Traversal
16 August 2019, 4:31 pmGNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files.
GetGo Download Manager 6.2.2.3300 Denial Of Service
16 August 2019, 4:28 pmGetGo Download Manager version 6.2.2.3300 suffers from a denial of service vulnerability.