This archive contains 190 exploits that were added to Packet Storm in November, 2015.
d6d0c6276b2fafc1b461728be0f139b590d4ce0965f02cb1e6192125de6aeedb
Brocade Fabric OS version 6.3.1b suffers from multiple weak system configuration issues that can result in system compromise. You actually have to go out of your way to break basic Linux security this badly.
86551b3c0d17766625527eb34a6c14cce252c358fd6840a5969038b4022df058
HumHub versions 0.11.2 and 0.20.0-beta.2 suffer from a remote SQL injection vulnerability.
de97ea4c72cb25e8cbe17f57855cac312d4ef10577f8830837d47392f45dc630
Belkin N150 wireless home routers suffer from cross site request forgery, cross site scripting, session hijacking, and default credential vulnerabilities.
ccd6d7df0385f7fe44487b3572769d2a3e6d56e73e0aa366d26c92e320dce63f
Easy File Sharing Web Server version 7.2 remote SEH buffer overflow exploit using DEP bypass with ROP.
b343788b936fa8d54e2e946f827f40f4d9105116d2e051d438e3240130b330b3
CoreMail version XT3.0 suffers from a stored cross site scripting vulnerability.
f921686d976a5a7c22956d7212359350cfd0ea21e63e1684c4e814378959176a
MyCustomers version 1.3.873 suffers from a remote SQL injection vulnerability.
2f4222a07b82de124e338becccee82b40bd19c6939570f75d9088587d4bf9074
WEBONE CMS version 14 suffers from a cross site scripting vulnerability.
d5f7e78a35f7ed4a83b67ecffb5c6863f0290d23b93409df4ca40a0528bf4a3d
Mind Wave Softwares version 1.2 suffers from a remote SQL injection vulnerability.
e781282f425d882d2e6b18dc224765a38cb3052c0cd292a6ed945168cfd27783
Visual Paradigm Server version 10.0 suffers from a cross site scripting vulnerability.
11c702c88601ac6e95e42022410b65f5fca9d57c43f676ae447bdbbbf28e80b1
CIS Manager Content Management System 2015Q4 suffers from a remote SQL injection vulnerability.
755fee851a768d9739a2fbca1bfcc591f6bb2d3a6267279c012f29a529206ed8
BisonWare BisonFTP Server version 3.5 is prone to an overflow condition. This Metasploit module exploits a buffer overflow vulnerability in said application.
ad92db3f8a0dd8f3d603187873cbcc879f069b52034b56d5481e2bd22b4892dd
SAP Sybase Adaptive Server Enterprise suffers from an XXE injection vulnerability.
eefc985f29a3508ca13dea522b15ac3c29c4c59a97887c2cc3fc596ee310c5aa
KNX management software ETS version 4.1.5 build 3246 suffers from a buffer overflow vulnerability that allows for remote code execution.
26fb1ecb52a068327a64aefb6a20a38aa566c00c1c8b2378b3520c7110cdc0a6
Neos CMS version 2.0.3 suffers from cross site scripting and remote shell upload vulnerabilities.
32f565a1e4aa0ba4f3cc4e6ff2e96c53df2ff5dc3c7b30ec6666056d0a5ec619
The attached testcase crashes Windows 7 32-bit due to a pool buffer overflow in an ioctl handler. Enabling special on ndis.sys netio.sys and ntoskrnl helps to track down the issue, however it will crash due to a bad pool header without special pool as well.
3403491c7fbf36174b15a563987a49c4a34c9dfe661dfceec3ca982b901368ad
The 3D Vision service nvSCPAPISvr.exe installed as part of typical driver installations runs at Local System and has an insecure named pipe server. One of the commands in the server can be used to set an Explorer Run key for the system which would allow a user to get code executing in the session of any other user who logs on to the same machine leading to elevation of privilege. In Windows Domain environments it would also be possible to exploit the vulnerability between machines if the attacker has access to a valid user account on one domain joined machine.
05dc63568af8d130fdd2c6b9e0a909e6ec48e67727f943ffc38e725c2e25e0c2
The attached poc crashes 32-bit Windows 7 with a screen resolution of 1024x768 and 32bit color depth. The crash occurs during a memmove operation while copying the cursor content from unmapped memory. This could potentially be used by an attacker to leak kernel memory. When reproducing this issue in VMWare, it is necessary to remove VMWare tools. In QEMU the issue reproduces reliably.
4a4737c7da3e9d60d2829fc4216a2923ae3dd4946af77f8b03906129aa0fc6ba
The attached testcase crashes Window 7 32-bit with Special Pool enabled on win32k.sys due to a use-after-free condition. The bug appears to be a race condition between two threads and multiple runs on the PoC might be required to trigger the bug. This is more reliable on systems with multiple cores.
98cd61cfa57d50f4a3e3d1dc2c080a9c2743333c59a9c028d17d2c5241c7bd9a
The Microsoft Windows kernel suffers from an NtUserScrollDC memory corruption vulnerability.
9c9d7819c17ae0f14fbcf5250fe9bc87ec36941d7e0e1a71bc9c128bc94d7ef8
The Microsoft Windows kernel suffers from a use-after-free vulnerability with device contexts and NtGdiSelectBitmap.
f9138be83b6665e583fb9a0c2edbf82da6a8ba0567aba68654dad7c01ffa36d5
MODX Login Extra versions prior to 1.9.1 suffer from a cross site scripting vulnerability.
8866751a93597637a538bf0220137db267a389e38a5051f40a3903cc78ebdc36
RXTEC RXAdmin login page from UPDATE 06 / 2012 suffers from a remote SQL injection vulnerability.
940590a69e2048c5513b7eb24f981f9183f5c6fa25601b46fcf091c4812f94f5
Polycom BToE Connector up to version 2.3.0 allows unprivileged windows users to execute arbitrary code with SYSTEM privileges.
8f7f179c0390f32c61f7e5d9ef5dff39e836b126a057fbd52f32854d89498f84
Huawei HG253s V2 suffers from a remote information disclosure vulnerability.
2e2018d16f6a7f8cddf71c09432c4a1048d6e439aa44ce1118910a868470d54c