This archive contains all of the 268 exploits added to Packet Storm in January, 2018.
7e5a3bf17c890cbc7f6043993aa45f75bcf3817920813523342419e2bc02b55c
This Metasploit module exploits a weak access control check in the BMC Server Automation RSCD agent that allows arbitrary operating system commands to be executed without authentication. Note: Under Windows, non-powershell commands may need to be prefixed with 'cmd /c'.
020bc853633a23b3189378857da4cf64c9fbfa92972a9d8257b10605b54490ec
IPSwitch MoveIt versions 8.1 through 9.4 suffer from a persistent cross site scripting vulnerability.
12013f6ce4d0f0ab29797d4705be8ffde2e21245d164e6f3205ddeebdbc5c88a
Chromium suffers from a sandbox escape vulnerability via an exposed filesystem::mojom::Directory mojo interface in the catalog service.
cc97041329fb5fde5d5be5b7ba4a75fde06179aa88f36bf5eb0548c2978bc596
Sprecher Automation SPRECON-E-C and PU-2433 versions prior to 8.49 suffer from directory traversal, missing authentication, broken authentication, and denial of service vulnerabilities.
dbe54c5ea42b2b718d2e52d43f2a94c9324fceea90c90f40ef71e0110a6e0d24
systemd (systemd-tmpfiles) versions prior to 236 suffer from an fs.protected_hardlinks=0 local privilege escalation vulnerability.
ab5c7f27e35d1f4741577e57058839ae024c0d913dfc8c629d2aad07f55c2130
This Metasploit module exploits a buffer overflow in Dup Scout Enterprise version 10.4.16 by using the import command option to import a specially crafted xml file.
9e66581c3952dd3cb70260f079d2681e43c224c9773b59e41966964f02086b66
WordPress Propertyhive plugin version 1.4.14 suffers from a cross site scripting vulnerability.
e4f3af738709f4d07dc057b3c40d44164665ce6277788575343fa5b52e81b87c
System Shield version 5.0.0.136 suffers from a privilege escalation vulnerability.
f626a4f9552099668be23ebb87041f750ded49c5680a8ffbd4970f638156b4aa
BMC BladeLogic RSCD Agent version 8.3.00.64 suffers from a windows users disclosure vulnerability.
5995833cc8f492dec87584458463636dea93dbe19e46cb2d7a645ff0909fa614
Joomla! Visual Calendar component version 3.1.3 suffers from a remote SQL injection vulnerability.
b63c30a3be5fad7c6687354ff13bfe87760888a3717db786e7e4fd41f9810341
LabF nfsAxe version 3.7 TFTP client suffers from a local buffer overflow vulnerability.
b2ab8c63149c71231ff3b1397adcdaa6415b1b9db4923fab52052508bc794d29
Joomla! CP Event Calendar component version 3.0.1 suffers from a remote SQL injection vulnerability.
74e35677bb968d8e58f9d0e69cd67ad89b951a036914cc794f2e48c09359b1ce
Joomla! Picture Calendar for Joomla component version 3.1.4 suffers from a directory traversal vulnerability.
ddb0e45b904fc04833b2f63cc66c6954f195a4871fcc92ba1fa31de687913419
OwnCloud Server versions 8.1 through 10.0 suffer from a user enumeration vulnerability.
f37e67829e665a898bf68c2848f71f8bc90ffbb5b72d6424387b5e59ac1e5c43
Arq version 5.10 suffers from a local privilege escalation vulnerability. Proof of concept 1 of 2.
0d145877f7ff0d9c7b797125905a2cbae4c2e362dccae30cc90a0cbc2d6b5c15
Arq version 5.10 suffers from a local privilege escalation vulnerability. Proof of concept 2 of 2.
d6e8065acf10afa34812344b7aeadb464a28dc414bdfe402a6e69d6c3e1f9e69
Advantech WebAccess version 8.0-2015.08.16 suffers from a remote SQL injection vulnerability.
16f7cbd1a62ea43d75bb9453984431e804ee465d9a86013ea46d2004a1667ff2
HPE iMC version 7.3 suffers from an RMI java deserialization vulnerability.
922064ae08e689f5f6b61f2d38c19479a08bc094ab866c6ce11fcb3ba20f8939
The Oracle WebLogic WLS WSAT component is vulnerable to an XML deserialization remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0.
4ec37da27b4c2bc377cee005689b9de7e837a03542a60ce1130758c857cb9228
Joomla! Jtag Members Directory component version 5.3.7 suffers from an arbitrary file download vulnerability.
b3c650eda5b1320889be902af43e61bbe672b52ef83b4fa414b3a84a7a3d4244
Vastal I-Tech Facebook Clone version 2.9.9 suffers from a remote SQL injection vulnerability.
6a4bea54f96a5388d0ed25f3ed57426f8302b6dd95638d6d8757dfbebc4c3bd1
Joomla! JS Support Ticket component version 1.1.0 suffers from a cross site request forgery vulnerability.
ce31c0f8fae594bdf237ff159fc0abe2483f66c6f5f97714b20b2d1a73960d47
Rapid7 Nexpose version 6.4.65 suffers from a cross site request forgery vulnerability.
e7c745111bca375c04ee03dcf7781e4229cfd0f896ab6adfb526dd9f0698eb8a
Task Rabbit Clone version 1.0 suffers from a remote SQL injection vulnerability.
28acaa8464d5d53ee96e286187504a97412ced591ecad0cdbb48285e0f4e9eb1