Exploit Files ≈ Packet Storm

Packet Storm – Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

WordPress 3DPrint Lite plugin version 1.9.1.4 suffers from a remote shell upload vulnerability.
Pharmacy Point of Sale System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Police Crime Record Management Project version 1.0 suffers from a remote SQL injection vulnerability.
Redragon Gaming Mouse suffers from a denial of service vulnerability.
WordPress Advanced Order Export For WooCommerce plugin version 3.1.7 suffers from a cross site scripting vulnerability.
WordPress Fitness Calculators plugin version 1.9.5 suffers from a cross site request forgery vulnerability.
Backdrop CMS version 1.20.0 suffers from cross site request forgery vulnerabilities that can assist an attacker in achieving command execution.
Gurock Testrail version 7.2.0.3014 suffers from an improper access control vulnerability.
Chrome suffers from a HRTFDatabaseLoader::WaitForLoaderThreadCompletion data race condition.

OpenCats 0.9.4-2 XML Injection

22 September 2021, 4:37 pm

OpenCats version 0.9.4-2 suffers from an XML external entity injection vulnerability.

E-Negosyo System 1.0 Shell Upload

22 September 2021, 4:36 pm

E-Negosyo System version 1.0 suffers from a remote shell upload vulnerability.

E-Negosyo System 1.0 SQL Injection

22 September 2021, 4:35 pm

E-Negosyo System version 1.0 suffers from a remote time-based blind SQL injection vulnerability.

e107 CMS 2.3.0 Shell Upload

22 September 2021, 4:34 pm

e107 CMS version 2.3.0 authenticated remote shell upload exploit.
Online Reviewer System version 1.0 suffers from a remote shell upload vulnerability.
South Gate Inn Online Reservation System version 1.0 suffers from a remote SQL injection vulnerability that allows for a shell upload.

Sentry 8.2.0 Remote Code Execution

22 September 2021, 4:28 pm

Sentry version 8.2.0 suffers from a remote code execution vulnerability.
Filerun version 2021.03.26 authenticated remote code execution exploit.

TotalAV 5.15.69 Unquoted Service Path

22 September 2021, 4:23 pm

TotalAV version 5.15.69 suffers from an unquoted service path vulnerability.
Simple Attendance System version 1.0 suffers from a remote SQL injection vulnerability.

Cloudron 6.2 Cross Site Scripting

22 September 2021, 10:11 am

Cloudron version 6.2 suffers from a cross site scripting vulnerability.
An HTTP endpoint used by the Manage Engine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote attacker to execute OS commands in the context of the OpManager application. This vulnerability is also present in other products that are built on top of the OpManager application. This vulnerability affects OpManager versions 12.1 through 12.5.328.

OpenCats 0.9.4 XML Injection

21 September 2021, 3:47 pm

OpenCats version 0.9.4 suffers from an XML external entity injection vulnerability.
Backdoor.Win32.Minilash.10.b malware suffers from a denial of service vulnerability.
Backdoor.Win32.Hupigon.asqx malware suffers from an unauthenticated open proxy vulnerability.
WebsiteBaker version 2.13.0 authenticated remote code execution exploit.