Packet Storm – Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Microsoft Windows SET_REPARSE_POINT_EX Mount Point Security Feature Bypass - 22 August 2019, 11:02 pm
The NTFS driver supports a new FS control code to set a mount point, which the existing sandbox mitigation doesn’t support, allowing a sandboxed application to set an arbitrary mount point symbolic link.
Endian Firewall 3.3.0 Cross Site Scripting - 22 August 2019, 8:33 pm
Endian Firewall version 3.3.0 suffers from a cross site scripting vulnerability.
Wikindx 5.8.2 SQL Injection - 22 August 2019, 7:32 pm
Wikindx version 5.8.2 suffers from a remote SQL injection vulnerability.
Snapforce CRM 8.3.0 Cross Site Scripting - 22 August 2019, 7:22 pm
Snapforce CRM version 8.3.0 suffers from multiple cross site scripting vulnerabilities.
KBPublisher 184.108.40.206 SQL Injection - 21 August 2019, 8:01 pm
KBPublisher version 220.127.116.11 suffers from multiple remote SQL injection vulnerabilities.
Zoho Corporation ManageEngine ServiceDesk Plus Information Disclosure - 21 August 2019, 7:58 pm
Zoho Corporation ManageEngine ServiceDesk Plus 10 versions prior to 10509 suffer from an information leakage vulnerability.
Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0 Arbitrary File Disclosure - 21 August 2019, 7:38 pm
This Metasploit module exploits Pulse Secure SSL VPN versions 8.1R15.1, 8.2, 8.3, and 9.0 which suffer from an arbitrary file disclosure vulnerability.
LibreOffice Macro Python Code Execution - 20 August 2019, 10:37 pm
This Metasploit module generates an ODT file with a dom loaded event that, when triggered, will execute arbitrary Python code and the Metasploit payload.
Webmin 1.920 Remote Root - 20 August 2019, 10:08 pm
Webmin version 1.920 remote root exploit.
CentOS Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change - 20 August 2019, 10:06 pm
CentOS Control Web Panel (CWP) version 0.9.8.851 allows an attacker to change arbitrary passwords.
CentOS Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop - 20 August 2019, 10:05 pm
CentOS Control Web Panel (CWP) version 0.9.8.851 suffers from an arbitrary database dropping vulnerability.
CentOS Control Web Panel (CWP) 0.9.8.848 User Enumeration - 20 August 2019, 10:02 pm
CentOS Control Web Panel (CWP) version 0.9.8.848 suffers from a user enumeration vulnerability.
WordPress Add Mime Types 2.2.1 Cross Site Request Forgery - 20 August 2019, 6:22 pm
WordPress Add Mime Types plugin version 2.2.1 suffers from a cross site request forgery vulnerability.
Microsoft Office365 / ProPlus 16.0.11901.20204 Code Execution / Protection Bypass - 20 August 2019, 2:44 pm
Microsoft Office365 and ProPlus build 16.0.11901.20204 suffers from code execution and protection bypass vulnerabilities.
FortiOS 5.6.7 / 6.0.4 Credential Disclosure - 19 August 2019, 4:51 pm
FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 suffer from a credential disclosure vulnerability.
FortiOS 5.6.7 / 6.0.4 Credential Disclosure - 19 August 2019, 4:48 pm
This Metasploit module exploits FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 to leverage a credential disclosure vulnerability by reading the /dev/cmdb/sslvpn_websession file.
YouPHPTube 7.2 SQL Injection - 19 August 2019, 4:46 pm
YouPHPTube version 7.2 suffers from a remote SQL injection vulnerability in userCreate.json.php.
Neo Billing 3.5 Cross Site Scripting - 19 August 2019, 4:42 pm
Neo Billing version 3.5 suffers from a persistent cross site scripting vulnerability.
Kimai 2 Cross Site Scripting - 19 August 2019, 4:41 pm
Kimai version 2 suffers from a persistent cross site scripting vulnerability.
RAR Password Recovery 1.80 Denial Of Service - 19 August 2019, 4:40 pm
RAR Password Recovery version 1.80 suffers from a user name and registration code denial of service vulnerability.
Webmin 1.920 Remote Command Execution - 19 August 2019, 3:11 pm
Webmin unauthenticated remote command execution exploit that identifies whether or not a target is vulnerable.
Open-Xchange OX App Suite Content Spoofing / Cross Site Scripting - 16 August 2019, 9:17 pm
Open-Xchange OX App Suite suffers from content spoofing, cross site scripting, and information disclosure vulnerabilities. Versions affected vary depending on the vulnerability.
Open-Xchange OX Guard Cross Site Scripting / Signature Validation - 16 August 2019, 9:12 pm
Open-Xchange OX Guard versions 7.10.2 and below suffer from a cross site scripting vulnerability. Open-Xchange OX Guard versions 7.10.1 and below, 2.10.2 and below suffer from a signature validation vulnerability.
GNU patch Command Injection / Directory Traversal - 16 August 2019, 4:31 pm
GNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files.
GetGo Download Manager 18.104.22.16800 Denial Of Service - 16 August 2019, 4:28 pm
GetGo Download Manager version 22.214.171.12400 suffers from a denial of service vulnerability.