This archive contains all of the 207 exploits added to Packet Storm in June, 2017.
b9b5336d39d8c84b389710835da087f10ec7df3d215d7b417d70ffecb4e4dc28
Google Chrome suffers from an out-of-bounds access vulnerability in RegExp.prototype.exec and RegExp.prototype.test.
a2dfbfbd5b6b713bef9434dadf2a4e4076dec67533a901bf128641446d851b2b
LG suffers from multiple stack overflows in ASFParser::SetMetaData.
ea05f7a62253726acc0eb18d46ed9849a18b0dea1654d3211310564f7f79f2fe
Linux kernel ldso_dynamic stack clash privilege escalation exploit. This affects Debian 9/10, Ubuntu 14.04.5/16.04.2/17.04, and Fedora 23/24/25.
019f1ce6374470fd5095849ce9301acb133a3679244b764940a7e40a80e999df
OpenBSD 'at' local stack clash privilege escalation exploit.
a80fd36081b8074669422ec386b383f6b02e6147e8b26cd6b180b8bcfaa859d2
Linux kernel ldso_hwcap_64 stack clash privilege escalation exploit. This affects Debian 7.7/8.5/9.0, Ubuntu 14.04.2/16.04.2/17.04, Fedora 22/25, and CentOS 7.3.1611.
7c324e4c61aee597fae1e36e8fbd936e360099156578d347ef8a0c10d633cce6
Linux kernel offset2lib stack clash exploit.
f1addfd343ecc2a4c4e2f9697900b6d0f23b685b668f34ffb4b54dd9fc0ac77f
Easy File Sharing Web Server version 7.2 suffers from an account import local buffer overflow vulnerability.
44230e2afab50a3e2ac2122de6b916d5564602604dc11314483782d5a94ad8ea
Microsoft Dynamic CRM 2016 versions SP1 and below suffer from a cross site scripting vulnerability.
7a7ac559b01961f3ee6d891d89c708a79570c82bf81792a0b6b527819cb4e8d5
Microsoft .NET Framework version 4.7 suffers from dll hijacking vulnerabilities.
a14c76d3be8ec71126b11a235d5adde47541281cc460aeede7942fad1dde0f2e
Schneider Electric Wonderware InduSoft Web Studio versions 8.0 Patch 3 and below suffer from having incorrect default permissions.
3a6fb63ee2321ae2148abfe45340ced49709d99fb96721ff3760ab329b26826c
Digital Canal Structural Wind Analysis versions 9.1 and below suffer from a buffer overflow vulnerability.
682cc56b7180418fb3999e685a72a5afe4e35da7c9f4873634145310163a17df
Microsoft Machine Debug Manager (mdm) suffers from dll hijacking vulnerabilities.
db92dfe873e589fe2a002dfec15943dbc9eb4432297101f2fd0811808db098a2
FreeBSD setrlimit stack clash proof of concept exploit.
55fb8566c8dcae52540b3d92f7a1228604de1093d9d64e40a1cebbbe5ec1f611
Linux kernel ldso_hwcap stack clash privilege escalation exploit. This affects Debian 7/8/9/10, Fedora 23/24/25, and CentOS 5.3/5.11/6.0/6.8/7.2.1511.
e3bc684fbe0cc5c683f1e0aa4b3c0294f9ee713b3f50398609a3d2677cd20406
FreeBSD FGPE stack clash proof of concept exploit.
2dddaf6810e24694581a3d0559ab7f60f9bdef61855acef6f9cdc6c393b35315
FreeBSD FGPU stack clash proof of concept exploit.
fa4055aa1f668bb096eafa433dace0e75f81c48fefa47f2d5271474380116c6b
Oracle Solaris versions 11.1 and 11.3 rsh local privilege escalation stack clash exploit.
d6fc2124ab39b596a408ba197a8da71c03b284c1dac54ac107cc4d471c892d32
This Metasploit module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the connection's previous SSL session is reused, even though it has previously been freed. This Metasploit module supports 3 specific versions of the Backup Exec agent in the 14, 15 and 16 series on 64-bit and 32-bit versions of Windows and has been tested from Vista to Windows 10.
18615ac29398d7f2d7f4f16eff1790cc387a69c2808a4e6bb7a5632253c7e45f
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
0bc2dbf6d87b6049a30cf872cd58cbce1c72539afcf4cc3fcb3c44514b701ed1
Kaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.
1011f2188afe2cfa015134b365c225eb892ed298b59a2beb4cc63a8e09cdc1b0
NetBSD stack clash proof of concept exploit.
79d2a60bd57d2106ec864e90aa5a2a7fafd9984de7938980ff4f491b72819769
FASM (Flat Assembler) versions 1.7.21 and below suffer from a buffer overflow vulnerability.
f477943c08d29991c9de67f7ad83d2d89a6a334b0cf9fef4181782e4bb3f8ccb
This exploit leverages an MTA handler remote code execution vulnerability in Microsoft Word.
65b89848eff3dfa0514bb59a5330c3a17145a3d071de4db54112a08e95e91b96
WordPress Ultimate Product Catalogue plugin version 4.2.2 suffers from a remote SQL injection vulnerability.
2b01e9f144068b22d2191c0da760f68aeddbc293a96361d2b52210299f535055