This archive contains all of the 163 exploits added to Packet Storm in January, 2020.
726cdb16ce781410d35beba804af2cb48f391958c88806a53e778ca623f92a08Intel Processor Identification Utility version 6.0.0211 suffers from a local privilege escalation vulnerability.
18b5a81e1da4cff60545121275526325503d467e4282f7ffac69136bae2a23cdFlexNet Publisher version 11.12.1 suffers from a cross site request forgery vulnerability.
3bc1c76fee354ec8cf2d7dbe9cd0af6558bfd6d10490f30d8649322f4bd04aa0Lotus Core CMS version 1.0.1 suffers from a local file inclusion vulnerability.
64a93093c3144c62847025d1a0a0a0a219c1538c1ff7ebd71cf3f9e630e664b0The fix that was applied to address a code execution vulnerability in Trend Micro Anti-Threat Toolkit (ATTK) was insufficient.
b9b4e23fba87a6da6a86f939c567edd6b4d826078dea81dcf76c39a0ac44882crConfig version 3.9.3 suffers from an authenticated remote code execution vulnerability.
0f26c86a269bf983f144de86b9776ac084b92fb228ce91852dc3bc38419b270eOpenSMTPD version 6.6.2 remote code execution exploit.
abe43f7110bb331986cc5d9ed522108c73061ac20671c668b7da6fcdfb9996c1Centreon version 19.10.5 suffers from a Pollers remote command execution vulnerability.
824b22c2f352d66d1fac5582a1d6e01a40daed3d2d240e0e289674e34e783629Cups Easy version 1.0 suffers from a cross site request forgery vulnerability.
6573b5e541b8a5b91dccf2d5f08c2f5b5842f84ea72dc72f552b2d75d2f7922eCentreon version 19.10.5 suffers from a centreontrapd remote command execution vulnerability.
04324f51cee387f1f74eb254c7e283bedc63a9863560d41a110278c3b9393862XMLBlueprint version 16.191112 suffers from an XML external entity injection vulnerability.
578c695a7bac94cbba188e7993ccad84842dd53c1c84168f5daa5d9ce64b42f6Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root.
9415f92980a964e9430ed555502126d19de735d2acfd5db27d83bb342e5a8b2cKibana version 6.6.1 suffers from a CSV injection vulnerability.
a79072142212672614328199a639b428a9f3f3037ca68d2e9881ff24fcea8b7dLiferay CE Portal version 6.0.2 remote command execution exploit.
7e715e5aaa09f0ebc36c4eadd46505fbe50b4b054a71dcc398ae73a92e5439d8Satellian version 1.1.2 suffers from a remote code execution vulnerability.
1a239d2ff6e4bd53b95bafc7bdbaf968f2de1f7ec2f2729bd748a4efd4ef3282Fifthplay S.A.M.I suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
630e06e3c3643cee924b3268054f04cedfdbb2680e72b328374e56840ebc6779Octeth Oempro version 4.8 suffers from a remote SQL injection vulnerability.
55a32d43a2708d0a24161b5c962ee9d6c3e283d5d2c1e08792ae49a04fbe3e3bCentreon version 19.10.5 suffers from a remote command execution vulnerability.
030cbc7db120adeefb9decf4ed1426aeca2c73286c9d115a1f53d790e4e5f8edCentreon version 19.10.5 suffers from a database credential disclosure vulnerability.
af96c61510aefc06361e0fc409d2e6716ceaaa9f3a8292aff4fababf2d56ec14Adive Framework version 2.0.8 suffers from a cross site request forgery vulnerability.
8c22a6a1fd1db3e124fbd220c2bea81eab2716215bea0edef67f0a8767ce3ea5macOS and iOS suffers from an ImageIO heap corruption vulnerability when processing malformed TIFF images.
13426064f89c728f71398758157ce3dd58664468ab3aed036f25619661b4c556IceWarp WebMail versions 11.4.4.1 and below suffer from a cross site scripting vulnerability.
b1d59d10afa0597ee6e01634475762a3e3ad59bcf52face57e1c8eabb9c99e6bFusionAuth versions 1.10 and below suffer from a remote command execution vulnerability. An authenticated attacker with enough privileges to access the template editing functions (either site templates or e-mail templates) in the FusionAuth dashboard can execute commands on the underlying operating system using the Apache FreeMarker Expression language.
876ccd82d5bf49d3dd83506c810a93433c3fc4fbba012da2f79d8be9687745f0This application, known as the SolarWinds n-Central Dumpster Diver, utilizes the nCentral agent dot net libraries to simulate the agent registration and pull the agent/appliance configuration settings. This information can contain plain text active directory domain credentials. This was reported to SolarWinds PSIRT(psirt@solarwinds.com) on 10/10/2019. In most cases the agent download URL is not secured allowing anyone without authorization and known customer id to download the agent software. Once you have a customer id you can self register and pull the config. Application will test availability of customer id via agent download URL. If successful it will then pull the config. We do not attempt to just pull the config because timing out on the operation takes to long. Removing the initial check, could produce more results as the agent download could be being blocked where as agent communication would not be. Harmony is only used to block the nCentral libraries from saving and creating a config directory that is not needed.
a5eae45f8004a3a4b9959a2fb2174fae1431d896302f66af21a6c07750294f7bTorrent 3GP Converter version 1.51 suffers from a stack overflow vulnerability.
0a6bf57e311da6213ff5f4ff1f5e598ded42f0dd078d113f7b8f6fe9042d668b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed