This archive contains all of the 171 exploits added to Packet Storm in August, 2017.
8fece9690b0cab35ecc368a04b2c7af8c318ac9e7ca923836607812b844663bf
This Metasploit module exploits CVE-2017-1000117, which affects Git versions 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This Metasploit module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialized.
c48c626489d0816c8550fa1832a7c70cc94f774c3664902dd69f730db0e3d3e7
The Next Generation of Genealogy Sitebuilding versions prior to 11.1.1 suffer from a remote SQL injection vulnerability.
d9330da1f389606daecc7dff310fe77a45172cad38e7a39ab2aabce85828610b
This Metasploit module exploits an unauthenticated remote command injection vulnerability in QNAP NAS devices. The transcoding server listens on port 9251 by default and is vulnerable to command injection using the 'rmfile' command. This Metasploit module was tested successfully on a QNAP TS-431 with firmware version 4.3.3.0262 (20170727).
aca7c1b49b5440cd6ddb47ea9a27fb677d0d8d9659ef9c1d3398a36955a83511
Microsoft Windows suffers from an issue where it is possible to inject code into a PPL protected process by hijacking COM objects leading to accessing PPL processes such as Lsa and AntiMalware from an administrator.
ff430cf5bf8ac980602d62afffe0520f823ec5ccbe4f61e568e28d618f68d6d3
NethServer version 7.3.1611 suffers from a cross site request forgery vulnerability that allows you to create a user and enable SSH access.
506bd73cba435320476f8c6c120eb81758a4c66abbe6f9abe6c835471d9a47f9
NethServer version 7.3.1611 suffers from a cross site request forgery script insertion vulnerability in Upload.json.
2a0ace159ea005353227f89c3e7216fff084b687422b6176f3145b7decaf0f16
Matrimony version 2.7 suffers from a cross site request forgery vulnerability.
816a06c7d7595ef71786ff4e62fb3f1dc153c5931fd480a80b7b0ff526b4b08f
Easy RM RMVB to DVD Burner version 18.11 buffer overflow exploit.
0e6caeaabff62e5b13661c152cc35327130cb5693f71488479e4f3a2ad4a8b9e
Posty version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6aac32b2b95d9b88395dda6d01793a7227412fd7fa133fa0f854618d81b1a38e
Easy WMV/ASF/ASX to DVD Burner version 2.3.11 buffer overflow exploit.
e32cd0f9d448918e1a94e76e77bfb0ff63cbbf3418eb1d6d9c56182c8950bec5
VX Search Enterprise version 10.0.14 remote buffer overflow exploit.
13eec855947676a3ba5f8e915538709a850cca19ce222df2d53ae8307fc7f669
Apple iOS versions prior to 10.3.1 kernel exploit that demonstrates a sandbox escape.
103a1cd8dfe8bcd292b357f7210598a04715f7f0c33d9dfc09c87d9f23994fcf
Easy DVD Creator version 2.5.11 buffer overflow exploit.
9397771736d3c2841192ff4302787d171ff5e46f90fdba2eee026273ffdcf605
DiskBoss Enterprise version 8.3.12 suffers from a buffer overflow vulnerability.
acb4fa7dcfe7eccbd292c4cc9ee7681e572e6a9ac6b1bd1ae8607a988cb20793
VX Search Enterprise version 10.0.14 suffers from a buffer overflow vulnerability.
c82987e9cdbc390a6c4a1d521c941484c1f2effdb79fad3fbe918e9fcc39392a
Disk Savvy Enterprise version 9.9.14 buffer overflow exploit.
5c8b5ab18d37e5da0ee71bf65a0be4813f665141aeb5c9f7d9bed9c4c0fe4018
Sync Breeze Enterprise version 9.9.16 buffer overflow exploit.
78be6594ce68f662d2e0391314041a518191c4a1db137c1574eb5370a76b9fc7
Disk Pulse Enterprise version 9.9.16 buffer overflow exploit.
2c0cdf484d240ee492e1397fc67db40c22dd6fb44c1f20ddf77b518a562af77f
My Video Converter version 1.5.24 suffers from a buffer overflow vulnerability.
83b8c48ebbb41478a0b7f7b81d2f6a4f476813780f241c54e01f7f51a375d35b
Disk Pulse Enterprise version 10.0.12 buffer overflow exploit.
b5f0cc789573f60936cc28b2a85bd70439ff9949ec2c465cbf73d2716e473104
MP3 WAV to CD Burner version 1.4.24 suffers from a buffer overflow vulnerability.
bf6494384d7f98f0a1cd001af1bb27fe8e9a6729383edc83e0aaf212c060830a
Dup Scout Enterprise version 9.9.14 buffer overflow exploit.
94dfcb5a77d9a5e1b48cc6b1b8226d18e950c89a934f43d9c096cf1b2550e58a
Trend Micro Hosted Email Security (HES) suffers from email interception and insecure direct object reference vulnerabilities.
b05cc034ae6b0b1c59afe01f4ef720d5545f811f1fcc30f3cf6db2bc68cf4f8c
libgig-LinuxSampler version 4.0.0 suffers from multiple denial of service buffer overflow vulnerabilities.
885fe26ead9507c5109c787a13a8f08e27418a2ffda6c7513a31979ebf639ce9