This archive contains 166 exploits that were added to Packet Storm in October, 2015.
b0e2060471086003d6a269d4fb0e20b4fb3da221b127ef235b12e76ef3f37e9dPython versions 3.4 and 3.5 suffer from a vulnerability caused by the behavior of the xmlparse_setattro() function. When called, the function uses the provided name argument in several conditional statements which assume that the name argument is a string. However, if a name argument is provided that is not a string, this logic will make several calls to PyUnicode_CompareWithASCIIString that expect a string, yet receive some other type of object, leading to a type confusion vulnerability.
2f285d0b1a031d0ca91b5be2513b66aa771b0b6b0abc07f26cece30a0372c084Cisco's tools site suffered from multiple cross site scripting vulnerabilities.
1f9fd61e7de68f122c09b61c8fb1d95447232133a9e9981cbe4adf441844fcdcPython 3.5 suffers from a vulnerability caused by the behavior of the time_strftime() function. When called, the function loops over the format string provided, using strchr to search for each instance of '%'. After finding a '%', it continues to search two characters ahead, assuming that each instance is the beginning of a well formed format string token. However, if a string ends with '%', this logic will result in a call to strchr that reads off the end of the format string buffer.
247c41f7b289418808f840d29093ddf7d7fec17408a6503c55ac90be7d7cdeb1PHP Server Monitor version 3.1.1 suffers from a privilege escalation vulnerability.
aafa69a15ff0e3770a96c5012d8cb850bdb3fda9ba48a991cb0678d1cb2b0ff6PHP Server Monitor version 3.1.1 suffers from a cross site request forgery vulnerability.
c6dd900ebf2986cd3b5ad60ba13c81ef576d594f7507b637176981a3472236faeBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.
08393363d6670e33368d62daac52944168d2958ae3fd00c5baedaa4999a731b3Pligg CMS version 2.0.2 suffers from multiple remote SQL injection vulnerabilities.
e653dc6b60d0a6774fd0c82028476bc1f4420abad29191536668539de8b9ec0bPligg CMS version 2.0.2 suffers from a directory traversal vulnerability.
6694394bbeb73a900ce2025bfc0707fad012282c2839712e6d1e324abee90990Pligg CMS version 2.0.2 suffers from code execution and cross site request forgery vulnerabilities.
478975660e6f6564e0125792eaca49d4f8fc7ddb63e0f2f82e756f316270b0cePython 3.5 suffers from a vulnerability caused by the behavior of the scan_eol() function. When called, the function gets a line from the buffer of a BytesIO object by searching for a newline character starting at the position in the buffer. However, if the position is set to a value that is larger than the buffer, this logic will result in a call to memchr that reads off the end of the buffer.
11ad4ff03a7d48ad669798a540d150f6b9a96705027ddfb79905aac9959c3fc9Code auditing discovered a Libstagefright integer overflow and heap corruption vulnerability in the Saio tag.
de3c115352c90fa8f2310b17c7ea48cfcb49051855371160b2525f16b5d92a47Libstagefright integer overflow checks can be bypassed with extended chunk lengths.
15eceaf95482d14e738ec82c591c2ef6f10dc84faa2b08d52245a8476148b162Oxwall version 1.7.4 suffers from a cross site request forgery vulnerability.
88ada6ac426249e6a52b83bd212e37b27d3c0891970c6b58a7203e704fd03a16The Joomla JNews component suffers from a remote SQL injection vulnerability.
8287b68a05ca05664203c4326611ce19b973e1b007488fd368ffc02614c741c3Mozilla's SETUP.exe suffers from a classic DLL injection vulnerability.
f0f3561003f9aad503eddd10d186760a70b521b4ca5d80ae51ab265713117c58Serendipity version 2.0.2 suffers from a stored cross site scripting vulnerability.
bafb55dacc02a9d144ad9401ff63b71c1218bf0cd283d5b42f8f20c2e6d803e4The Samsung m2m1shot driver framework is used to provide hardware acceleration for certain media functions, such as JPEG decoding and scaling images. The driver endpoint (/dev/m2m1shot_jpeg) is accessible by the media server. The Samsung S6 Edge is a 64-bit device, so a compatibility layer is used to allow 32-bit processes to provide structures that are expected by the 64-bit driver. There is a stack buffer overflow in the compat ioctl for m2m1shot.
b0c5900d4ce52a323271b9224cc5fd02fc37af255afea06a937e89a8d81fdecdThe Samsung Graphics 2D driver (/dev/fimg2d) is accessible by unprivileged users/applications. It was found that the ioctl implementation for this driver contains a locking error which can lead to memory errors (such as use-after-free) due to a race condition.
a3f38084cb1d4d13978aaba6602e9965fb1df0bed4c3c2f913708f75b9b78245The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. It was found that this action required no permissions to call, and could lead to an unprivileged application gaining access to email content.
594870b3ae98a33494d0b1c1cfe743d48fcdc6e5eb9a57bb9891ab2068f4be75A path traversal vulnerability was found in the WifiHs20UtilityService. This service is running on a Samsung S6 Edge device, and may be present on other Samsung device models. WifiHs20UtilityService reads any files placed in /sdcard/Download/cred.zip, and unzips this file into /data/bundle. Directory traversal in the path of the zipped contents allows an attacker to write a controlled file to an arbitrary path as the system user.
518c9bcbcc800ca3f2eabf30aca38ce8d0b16a83ab93ae8b359b37e023aa64a9Joomla remote SQL injection mass exploitation tool that affects versions 3.2 through 3.44.
e74d1c2612f862d1907efcb6f9e66646454d21ba0f9e08e17b7c11c0ed22c84dThis Metasploit module writes to the sudoers file without root access by exploiting rsh and malloc log files. Makes sudo require no password, giving access to su even if root is disabled. Works on OS X 10.9.5 to 10.10.5 (patched on 10.11).
1959cf26f98a303dd73293b46328a6156cc9e858b22283d3803da877cf76e849This Metasploit module exploits Th3 MMA mma.php Backdoor which allows an arbitrary file upload that leads to arbitrary code execution. This backdoor also echoes the Linux kernel version or operating system version because of the php_uname() function.
a6cc00b9d3f5414b03d4d4a58644c38267378b49d138c71d6af4288198c8112carticleFR version 3.0.l7 suffers from an arbitrary file read vulnerability.
f5c21447e511ce77030ac064707ce1de30ed4c18d8ee7ddeeede4dc751d03f3c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed