Joomla Rentalot Plus extension version 19.05 suffers from a cross site scripting vulnerability.

Backdoor.Win32.NTRC malware suffers from a hardcoded credential vulnerability.

Password Manager for IIS version 2.0 suffers from a cross site scripting vulnerability.

Joomla MarvikShop ShoppingCart extension version 3.4 suffers from a suffers from a cross site scripting vulnerability.

Joomla MarvikShop ShoppingCart extension version 3.4 suffers from a remote SQL injection vulnerability.

Google Chrome version 103.0.5060.53 (Official Build) and Chromium version 105.0.5148.0 (Developer Build) (64-bit) suffer from a network::URLLoader::NotifyCompleted heap use-after-free vulnerability.

Google Chrome version 103.0.5060.53 suffers from an Autofill Assistant universal cross site scripting vulnerability.

The Windows KDC allows an interposing attacker to downgrade to RC4 MD4 encryption in compromising the user's TGT session key resulting in escalation of privilege.

Joomla JKassa ShoppingCart extension version 2.0.0 suffers from a remote SQL injection vulnerability.

Joomla Easy Shop extension version 1.4.1 suffers from a cross site scripting vulnerability.

Joomla JUX Charity Hub extension version 1.0.4 suffers from a remote SQL injection vulnerability.

This archive contains all of the 118 exploits added to Packet Storm in September, 2022.

Ubuntu Security Notice 5650-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 5648-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.

ZKSecurity BIO version 3.0.5.0_R suffers from a privilege escalation vulnerability.

ZKSecurity BIO version 4.1.2 suffers from a remote SQL injection vulnerability that can allow for remote code execution.

Centreon version 22.04.0 suffers from a persistent cross site scripting vulnerability.

GuppY CMS version 6.00.10 suffers from an authenticated remote shell upload vulnerability.

Joomla MyMuse extension version 4.3.0 suffers from a remote SQL injection vulnerability.

Joomla JS Jobs Pro extension version 1.3.6 suffers from a remote SQL injection vulnerability.

Joomla jMarket extension version 5.15 suffers from a cross site scripting vulnerability.

Gentoo Linux Security Advisory 202209-27 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.3.0:esr are affected.

Gentoo Linux Security Advisory 202209-20 - Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Versions less than 7.4.30:7.4 are affected.

Gentoo Linux Security Advisory 202209-24 - Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Versions less than 2.4.9 are affected.