This archive contains all of the 126 exploits added to Packet Storm in November, 2017.
26601646404269f67714b699baf4aa308c3055fdc175b26bcf68a6cae8ee8041
Windows Defender suffers from a controlled folder bypass through the UNC path. Affected includes Windows 10 1709 and Antimalware client version 4.12.16299.15.
8c42f09a92d4949b319052b516e66c9db035671371c1660e47a272790b1bc47b
This is a proof of concept for the Huge Dirty Cow vulnerability (CVE-2017-1000405). Before running, make sure to set transparent huge pages to "always" with "echo always | sudo tee /sys/kernel/mm/transparent_hugepage/enabled".
50b43bfd2a4bd7eba2cd6356aa2b51d18c79f963281e4740e87af772ef924eed
WordPress WooCommerce plugin versions 2.0 and 3.0 suffer from a directory traversal vulnerability.
ef9a9858c034e30ca756d4c222afd09c9ef7645557959e2a92d02f963b329590
ZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site request forgery vulnerability.
21008dfe6fbe16a0b13bac22f783c57905d07fcef1531edfd2e92e95a3df8dea
ZKTeco ZKTime Web version 2.0.1.12280 suffers from a cross site scripting vulnerability.
2a7737b3cfdd98693346b1ec8605e77bb6c5b25e75e151d0d9c4e03cec42a6cc
This Metasploit module exploits a serious flaw in Mac OS X High Sierra. Any user can log in as user "root" with an empty password.
dd129338b035d1f1252020b0fcad4403a67d63fb88369b316e4ae2fb47bd5adc
Asterisk version 13.17.2~dfsg-2 suffers from a remote unauthenticated memory exhaustion vulnerability.
99d7d993e299b93cfe3175432dc128f681f04cd24bad4088cf2c8831bddb04c6
Synology StorageManager version 5.2 suffers from a remote root command execution vulnerability in smart.cgi.
8b6426fb7ecab4c3be36761c437ebb2dc9019377c22d2acbac83d341781b3249
QEMU version 2.10 suffers from an NBD server long export name stack buffer overflow vulnerability. This was introduced with commit f37708f6b8.
277647ab6158dac34428dd403eed4332179003f05cbb61e8622a3af2e5efdef8
pfSense versions 2.3.1_1 and below contain a post-authentication remote command execution vulnerability in the system_groupmanager.php page.
7e95005faf5bd57e5f8dd4d924787a1fff296c90c38c30c7cdaff7910db8bb51
HikVision Wi-Fi IP cameras come with a default SSID "davinci", with a setting of no Wi-Fi encryption or authentication. Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi. If a camera is deployed via wired Ethernet, the Wi-Fi settings won't be adjusted, and a rogue AP with the SSID "davinci" can be associated to the camera, providing a new attack vector via Wi-Fi to a wired network camera. Tested on firmware versions 5.3.0, 5.4.0, and 5.4.5 and model number DS-2CD2432F-IW.
f5308846195618c1d90deb701b32687a1044057024da5ebb8faa201a03647d06
There is a directory traversal issue in attachment downloads in Gmail. For non-Gmail accounts, there is no path sanitization of the attachment filename in the email, so when attachments are downloaded, a file with any name and any contents can be written anywhere on the filesystem that the Gmail app can access.
acde40f4552aa5149be44a28077696e55fd9ef012ef17e6a02fc5ba02d2dce2c
Exim version 4.89 suffers from a denial of service vulnerability while parsing the BDAT data header.
06400f3e55ff24c12a728e79c0653462e865d8c5b296a559adff089a0a57f067
Diving Log version 6.0 suffers from an XML external entity injection vulnerability.
d0450eb5a8f82ef2929848b75adb39ccab2685f6239626955cde5507f931229d
ZTE ZXDSL 831 suffers from an insecure direct object reference vulnerability.
56ed9803c128c1aed4f617858b3568c7769896b1c746cd91482983cbe371b484
Linux mincore() discloses uninitialized kernel heap pages. When __walk_page_range() is used on a VM_HUGETLB VMA, callbacks from the mm_walk structure are only invoked for present pages. However, do_mincore() assumes that it will always get callbacks for all pages in the range passed to walk_page_range(), and when this assumption is violated, sys_mincore() copies uninitialized memory from the page allocator to userspace.
61d7e638f72f1ff725aa52efa074d8cca09a3c845e1725489d85845af7ce7c09
Microsoft Edge Chakra JIT suffers from an incorrect function declaration scope.
747b70cd2c766255cc31286d6f576d8686314f74c6bb84aec68875dd42590077
Microsoft Edge Chakra JIT Inline::InlineCallApplyTarget_Shared does not return the return instruction.
70cace84bd9e2fa3381d1d38bcfd0743b83971ff7366be4881f9e6a185240aa3
Microsoft Edge Chakra JIT GlobOpt::OptTagChecks must consider IsLoopPrePass properly.
c96d94c8ca1ba7e89b1679856d3c4dc0c0774a75988d7d6d433e82e6c26d83a1
Microsoft Edge Chakra JIT BailOutOnTaggedValue bailouts can be generated for constant values.
07f0bd4f708fff233ac927cdb624650e28f9e7aced8b7cd40fa1755a2c57d631
WebKit suffers from a use-after-free vulnerability in WebCore::FormSubmission::create.
c2e26605ef8814643236d5f9d97cb4faad8aeb808f52594ca616c0d971826d8a
WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject::previousSibling.
8a278fe1a01bed0f7b17ac6fcc4317b1168ac683975a217d23d0e3a903eea3ea
CS Cart version 4.6.2 suffers from a remote shell upload vulnerability.
f1ee462ab8b8fb7db0ca71f0fe2dd6b5d840e12bdfd35c6ed9f2ecdcbed12fba
CommuniGatePro version 6.1.16 suffers from multiple stored cross site scripting vulnerabilities.
3e52615f6ac247f5b7f0192807d0e9b3cdda60d93e0f6fc7d7ba4ca2d4f3d665