This archive contains all of the 149 exploits added to Packet Storm in March, 2018.
71771db4bbf6cafbfb21fb4a9ecf8f271a0382abab4130979bb2a238430a3c2c
VideoFlow Digital Video Protection DVP 10 version 2.10 suffers from an authenticated remote code execution vulnerability that also includes a cross site request forgery vulnerability. A remote attacker can exploit this issue to execute arbitrary system commands, granting her system access with root privileges.
f1cf92d74150abb39ece448b2e879132cdeec1dad40e941838baff6d6ac1147d
VideoFlow Digital Video Protection DVP 10 version 2.10 suffers from an authenticated arbitrary file disclosure vulnerability and a lack of session expiration. Input passed via the 'ID' parameter in several Perl scripts is not properly verified before being used to download system files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks.
9fdb71614470b3895e28afe235e28c5784709277cd64d29608144c5fc0584e48
The DNNarticle module in DotNetNuke version 11 suffers from a directory traversal vulnerability.
a41413f4c748f4fcf065a3f2c5c4e0ab8f4515a8fb6dafd0bde8c679cd929bf0
Homematic CCU2 version 2.29.23 suffers from an arbitrary file write vulnerability.
dd409c7f1b228ba72e9d1b5031af8e53c65f1eacf0f69e50abd6527af29fc5a5
Frog CMS version 0.9.5 suffers from a cross site request forgery vulnerability.
de887657ffddfe13ff2711bcdfd0a752e08c6fc7fb4d7096eb0a29acc662fcc2
WordPress Contact Form 7 to Database Extension plugin version 2.10.32 suffers from a CSV injection vulnerability.
a1e2f6ff5db573c57f2014f08ae3e5c445da423f0442bc5bf91d63f4b6974da0
Joomla Acymailing Starter component version 5.9.5 suffers from a CSV macro injection vulnerability.
79b6c5b7c330a02114e00055a2436ba7e3e992b66ce38f41a047b764a31482cc
osCommerce version 2.3.4.1 suffers from a code execution vulnerability.
3a9c8b3b77bdf3e503378fb0902da7dfcb3e2c29c42deb289a62f986ab00800f
MiniCMS version 1.10 suffers from a cross site request forgery vulnerability.
721a51e53d1998c15ee3fada2f7e9dc176be6d95e57db860592ccfbc8755bf96
Systematic SitAware suffers from a denial of service vulnerability.
4bb760f13fc71196edd91cdf71a8c42c83fa772fbb0a0e2ad4ba3a813ee7e121
Homematic CCU2 version 2.29.23 suffers from a remote command execution vulnerability.
557b93e2321a67871d7ee634a72bf196e8730d6ff7724ac372a8b095eff95cbb
Joomla AcySMS component version 3.5.0 suffers from a CSV macro injection vulnerability.
f34e0a09b18099dba0c7b06e0efc752e601eb227dd42dd32490f76f20726f914
WampServer version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
905c4d7fd4fc2cf1c89222a0cb7e2346073185b02ec25bb49977dd24875f524c
WordPress Relevanssi plugin version 4.0.4 suffers from a cross site scripting vulnerability.
de2e9805aecef79b31fdcc4da3b54e9c98e5470b3d3467d95ff56e951dec4a73
WordPress WP Security Audit Log plugin version 3.1.1 suffers from a sensitive information disclosure vulnerability.
a47629c5bd8c626fce9819e8ba2183b5c2383a496409dedde4f1ffcad89ae3ec
Crea8Social Social Network Script versions Pro and Business suffer from multiple cross site scripting vulnerabilities.
1c511dc6984605cbfe67498189817b0bf03de1884d46c7de560e7dfbbd580f69
This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker with the libmemusage.so library.
866ac744c655ede9c376e4a47945a3a0e64a8cdb089b30ec2822adfef9bb9512
Tenda FH303/A300 with firmware version 5.07.68_EN cookie session weakness remote DNS changer proof of concept exploit.
f22ca3309579c6470ec144c91bb08b31ee848ae464b29a86c336af34a0a05882
Tenda W3002R/A302/w309r wireless router version 5.07.64_en cookie session weakness remote DNS changer proof of concept exploit.
8cc38578d0ff95d3332823d20ae52be3189b1e08724702def4de3110ca79e255
Tenda W316R wireless router version 5.07.50 cookie session weakness remote DNS changer proof of concept exploit.
659258d6cf96aff07ffb8be69a9afda153ab863ca8f7cf9c41aec604c9a882d0
Allok Video Joiner version 4.6.1217 suffers from a stack-based buffer overflow vulnerability.
085a2394267df8e20d42091a554c405acd982ea390791df5252d485e8af96c81
Advantech WebAccess versions prior to 8.1 webvrpcs DrawSrv.dll path BwBuildPath stack-based buffer overflow remote code execution exploit.
3917887b7385488d5ab094dd0cfa0c73128701eb66ed70da342531a89b649458
This Metasploit module exploits a command injection vulnerability in the ManageEngine Application Manager product. An unauthenticated user can execute an operating system command in the context of a privileged user. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing the given system. This endpoint calls several internal classes and then executes a PowerShell script without validating a user supplied parameter when the given system is OfficeSharePointServer.
a9eac798117fa04eab31bed74f5ad242fd765118d1e7c673979dc44d64574e70
Tenda W308R V2 wireless router version 5.07.48 remote DNS changer proof of concept exploit.
da812361ffff26f846e7670639231461ac7239dc66c4e6b4587ef077c32f42cd