This archive contains all of the 162 exploits added to Packet Storm in July, 2018.
bb3e29f2637bb76f15ec10ecfceb1c3bdd60d6904e83d4a26a4a4a5a6ff8a7db
HRSale HR Management PHP script version 1.0.6 suffers from a local file disclosure vulnerability.
24dece3cc4b30581cf31674a334b44bc8bfe8ed1a1993eea1d0dfe4ae21e36b2
There is a use-after-free in VP8 block decoding in WebRTC. The contents of the freed block are then treated as a pointer, leading to a crash in WebRTC.
21d523fd5549d9556e9ef3c105036bc75e80a29b5eeba23b027e4818267b1b23
There are several calls to memcpy that can overflow the destination buffer in webrtc::UlpfecReceiverImpl::AddReceivedRedPacket. The method takes a parameter incoming_rtp_packet, which is an RTP packet with a max length that is defined by the transport (2048 bytes for DTLS in Chrome). This packet is then copied to the received_packet in several locations in the method, depending on packet properties, using the length of the incoming_rtp_packet as the copy length. The received_packet is a ForwardErrorCorrection::ReceivedPacket, which has a max size of 1500. Therefore, the memcpy calls in this method can overflow this buffer.
d1a68d115602943c75ef4224cd1f0eadd4d0f1d0737c781bbf560884db40f90e
WebRTC suffers from a type confusion vulnerability when processing an H264 NAL packet.
7a98aa48ebd3fd8ee3a76a39cc9359ca7355ec5c84d89ba4f028ce76ad7080ca
This Metasploit module exploits a SQL injection and a command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user-supplied parameters of an API endpoint is used by the application without input validation and/or parameter binding, which leads to a SQL injection vulnerability. Successfully exploiting this vulnerability gives the ability to add a new user to the system. The manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operating system command. It's not possible to access this endpoint without having a valid session. Combining these vulnerabilities gives the opportunity to execute operating system commands under the context of the web user.
e048b287fa9b1c563e4abbef41aa3bba7b08f57876871aa13df7a85cbfa88dc7
This Metasploit module exploits a vulnerability in SonicWall Global Management System Virtual Appliance versions 8.1 (Build 8110.1197) and below. This virtual appliance can be downloaded from http://www.sonicwall.com/products/sonicwall-gms/ and is used 'in a holistic way to manage your entire network security environment.' These vulnerable versions (8.1 Build 8110.1197 and below) do not prevent unauthenticated, external entities from making XML-RPC requests to port 21009 of the virtual app. After the XML-RPC call is made, a shell script is called like so: 'timeSetup.sh --tz="`command injection here`" --usentp="blah"'.
3ea8f89babd83493299c07cc57498192adc1d1211b70c591ce981e56273317cf
The administration interface of vTiger CRM version 6.3.0 allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM version 6.3.0.
0e5c78b52a8faacfdb2de57265661b6c719a85c4847298f55630458f64d9b2ed
Microsoft Wireless Display Adapter versions 2.0.8350 to 2.0.8372 suffer from command injection, broken access control, and evil twin attack vulnerabilities.
12ac02f7b82abb950c50fc899c9ee75f0eb6c39678669493f3d3a29f178c6b13
Charles Proxy version 4.2 suffers from a local root privilege escalation vulnerability.
022b946b1409e26401b209a1aa852ad95f4591f9759d07971ea39abb73b53a73
It is possible to bypass fusermount's restrictions on the use of the "allow_other" mount option as follows if SELinux is active.
f8811f70025a2c7cb736546cf68f180165bf220f896460ba119cccb6e37d586c
H2 Database version 1.4.197 suffers from an information disclosure vulnerability.
7841faedc6bfb56845db58f47690946b3a6272eac90086bb68a2620ab9cb2cc2
Microsoft Windows Kernel win32k!NtUserConsoleControl denial of service proof of concept exploit.
47e748a334f6f70e95518c223320b5c7d7cf8bda63d29793d1ec8a9e55c4154b
Allok MOV Converter version 4.6.1217 suffers from a buffer overflow vulnerability.
f044517576deac6ab5a1a13f6f5e6467e05afc881c175e184e7ebf9eb713f076
ipPulse version 1.92 suffers from a denial of service vulnerability.
4a5a02e1b9f0a0103ee6a0477f471fc2ab102ac2f5994c9398773abb0311a0ea
Responsive Filemanager version 9.13.1 suffers from a server-side request forgery vulnerability.
e9c40ef19ba416da82946bec3db89cc130e0432d4bd93202e74d00cf5fca232d
ProjectSend version R1053 suffers from a remote SQL injection vulnerability.
7e560a7ee3e096b492aa90ec4b4ab7428bc24dd169938521599649a2901408f2
Super CMS Blog Pro PHP Script version 1.0 suffers from a cross site scripting vulnerability.
6b875f82575cf8b8894a0639b985b07f89d77d1cf49aafe862c3b40559ea2e8d
This Metasploit module exploits an arbitrary file upload vulnerability in Responsive Thumbnail Slider Plugin v1.0 for WordPress post authentication.
8ee01269b9ed74a3a7ab070775e8793353cb3fbec90f61759ae14ae92e25bdfa
Symfony versions prior to 2.7.13 suffer from a remote information disclosure vulnerability when app_dev is enabled.
baa4cb71d8a7e687f3f227e5d3b231e472d19e18576f68e684b2fa07658110b1
QNap QVR Client version 5.1.1.30070 Password denial of service proof of concept exploit.
344266a6610d9fb0b8af67ee0364c8582222e5c2c5b279a1ff7c99858b7373b3
NetScanTools Basic Edition version 2.5 Hostname denial of service proof of concept exploit.
792e6842f6cc2cb1b7aa4155d87d7e9828717fae9e9df0341583619885054295
Online Trade version 1 suffers from an information leakage vulnerability.
a91f5b0e4cfa752730c67a58f8a10dcd191b2f0472451320697abfd0f4be2e53
SoftNAS Cloud versions prior to 4.0.3 suffer from an OS command injection vulnerability.
b79184adec75f473b47197947faff63cfba84edcfe7f5a771347dd49fb829b26
WordPress Gwolle Guestbook plugin version 2.5.3 suffers from a cross site scripting vulnerability.
0102adc89a526756f71376d8ca8b12e0af203e535a067eed6ad082c80015d2a0