This archive contains all of the 284 exploits added to Packet Storm in October, 2016.
980413408896b15a0861447f7fa756f479a5a80ecfdf9a650eea6758d224e2faS9Y Serendipity version 2.0.4 suffers from a cross site scripting vulnerability.
a6318fcff394e7612527ace484b5372fe20c4713d41951f3083500bec34234cfMicro Focus Rumba versions 9.3 and below suffer from an active-x stack buffer overflow vulnerability.
c79368afc2366c417c9c7e601de6a8543ba47d00308cedc97805983a7b31a5adMicro Focus Rumba FTP client version 4.x stack overflow SEH exploit.
be1012cdb8afc4e08376e9770153918dc17b5b9b92e58a72ff40055f45aa4f07The included fuzz test case demonstrates an overflow in rastering for Adobe Flash.
637e42b945221fae8e6dae651bf8b8608a73661c378f35d81a53e8b60128cc71Micro Focus Rumba versions 9.3 and below suffer from a stack overflow vulnerability.
83db544fff6382ef133c3c32853ff2c703184c47028629175ad2b4b283e69259D-Link DIR-300NRUB5 with firmware version 1.2.94 suffers from brute force and cross site request forgery vulnerabilities.
6fcaf080ad4668f175dfcb528fb241556341493d443999c15cfa649388b7e175ASP Gateway 1.0.0 suffers from a database disclosure vulnerability.
7117d0ed47e50d0cd2ca5bc4a1b4c5a29c59a1035262d55ef463a436105f5798Angelo Emlak Scripti version 1.0 suffers from a database disclosure vulnerability.
adf76a22527689b5bdd8a63738ec437361cc88d84caf4c57e44198ae435b82a7FreeFTPd version 1.0.8 suffers from a denial of service vulnerability in the mkd command.
c62ddbe1bd61ae43d76ad0180dfa39d819c035202c2a21e16b0791e1af50a901InfraPower PPS-02-S Q213V1 suffers from a cross site request forgery vulnerability.
b37af8c08805ea7640d8d197d165127c38864d0ee046dfafdd39b966e6aad3fdInfraPower PPS-02-S Q213V1 suffers from an authentication bypass vulnerability. The device does not properly perform authentication, allowing it to be bypassed through cookie manipulation. The vulnerable function checkLogin() in 'Function.php' checks only if the 'Login' Cookie is empty or not, allowing easy bypass of the user security mechanisms.
77b1307af346ecfe3c45afddb0b9cec1987678dc3bb89c1d98a3d49a9d11a2c7InfraPower PPS-02-S Q213V1 suffers from an insecure direct object reference authorization bypass vulnerability.
9312fbf0e0e08332d0ec2f279cc8ef20eef67898caba5aeb42438d468791552bInfraPower PPS-02-S Q213V1 suffers from a use of hard-coded credentials. The IP dongle firmware ships with hard-coded accounts that can be used to gain full system access (root) using the telnet daemon on port 23.
c22e5f79189599a09a64a8e8a09ef273e57831a00e9bfcb6261740a9f82efae3InfraPower PPS-02-S Q213V1 suffers from a file disclosure vulnerability when input passed thru the 'file' parameter to 'ListFile.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
ad79cf9d2792971f12b4467e9bfe8405b2023253e269e5156772d5997b5f9649InfraPower PPS-02-S Q213V1 suffers from multiple stored and reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
c2ab6a1f6aa6c346e39e4bcbbc37acf45e0c10c36ae3954846da361ed1e8c2e5InfraPower PPS-02-S Q213V1 suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exists due to several POST parameters in several scripts not being sanitized when using the exec(), proc_open(), popen() and shell_exec() PHP function while updating the settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.
4bcd9fe006926b7e4e5923315fea8553003213cb95f58a40f72204f494f581c8This Metasploit module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character so that we hit the match on the regex.
ee20d372ed0f1e30bd8d9b8a767eee792e35e7aba086370b04a670a286abf66ePHP Support Tickets version 1.3 suffers from a remote SQL injection vulnerability.
a27060d874f333afedcca3b251ee3aa8c31e17ba488a19b028c19ace2d6ad266PHP Support Tickets version 1.3 suffers from a local file inclusion vulnerability.
77ce766da24cd320c33836afab1cba31c7c36fbc622860543bfde78eaf3e05f2The escape handler for 0x10000e9 lacks bounds checks, and passes a user specified size as the size to memcpy, resulting in a stack buffer overflow.
e764018c50128a89c728c3202c374cd2eee6b13beea7305fa6c32f6c0bab6212There is a missing bounds check in inner loop of the escape handler for 0x7000014 that leads to a stack buffer overflow.
6154ad3c9f831583ddc42198a12cfa12363713dc40cd3172b448eda799e5eae1The DxgkDdiEscape handler for 0x70000d5 lacks bounds checks.
217f80d673facc15accb636f625922543219ec6b5feb5df98734f4a373cb88c7The DxgkDdiEscape handler for 0x7000170 lacks proper bounds checks for the variable size input escape data, and relies on a user provided size as the upper bound for writing output.
7290a345ac11921d719fab843f9ee44533b83cdd39e09fc45d06819460973000The DxgkDdiEscape handler for escape 0x100009a lacks proper bounds checks.
b14a13d1b77ffa3d060b707004362638f3c5ff6e048afd8cf77611c8cdde2d1a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed