This archive contains all of the 175 exploits added to Packet Storm in February, 2020.
16c88c34a846c5c242636e4cd2ff7ad7a64ba6100f23ee725366102da83ec834MITREid versions 1.3.3 and below suffer from a cross site scripting vulnerability.
beaafdc5dee4b589fa59d194bbcda3aad72131beb6a748f37bda94014f9e24e2This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
6b0526f98f3e203e2ed6be699de4fcc715f41c3ab7e148e28ed2e62563a77a96qdPM versions prior to 9.1 suffer from a remote shell upload vulnerability that allows for remote code execution.
7378aebe88336076527073b99083cdd137d3c12ddaf2cf587f30f8479d285a3dNimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability.
af11c437e4fa8db83e925757e69120962101fbd14f8be2758c3b44f0506921c0Chrome suffers from a heap use-after-free vulnerability in DesktopMediaPickerController::WebContentsDestroyed.
412f788875a5daf71252244d087b880c4599e16c220ff869fdb9818a05b134b4This function, reached through ioctl VS4L_VERTEXIOC_QBUF in the Samsung kernel, has an error case that cannot function correctly. It reads in an array of pointers from userspace and in-place replaces each userspace pointer with a kernel pointer allocated with kzalloc(). Unfortunately, in the error case it will iterate over all the pointers in the array (regardless of how many, if any, were converted to kernel pointers) and call kfree() on each of them. Thus, all it takes to call kfree() on an arbitrary number of controlled pointers is to make the second copy_from_user() fail after successfully copying in the desired number of pointers to free.
efd831d3ab7c9c5578f97a34507b505b0fb6cf8ddb61a22e805c5ade1953fcdfXNU suffers from a use-after-free vulnerability in tcp_input.
25701e8eca80114c8645a6f7aaac15b7712ce7c0be471ffb9169c8dccc28d609In the Samsung kernel, the /dev/hdcp2 device ioctls seem to implement no locking, leading to multiple exploitable race conditions. For example, you can open a session with the HDCP_IOC_SESSION_OPEN ioctl, and then close it in multiple threads in parallel with the HDCP_IOC_SESSION_CLOSE. Since no locking is implemented in hdcp_session_close(), memory will be corrupted and the system will become unstable.
133fd193ed2f3352ad3d3ca59c54ca66ce35d1f5a46084a1a696a14e6b2f9edcThe function __vipx_ioctl_put_container() in the Samsung kernel calls copy_to_user() on a vs4l_container_list structure that contains a kernel pointer, exposing that kernel pointer to userspace just before it gets passed to kfree().
cf04790c8d0e642b1910122bf8fab8586f7ff1ad7f3556e2103975c6e9559788Comtrend VR-3033 suffers from a command injection vulnerability.
144d230fc575963771df80953220dd09c869bfb784d07d198dcc03ca718353e2PHP-Fusion CMS versions 9 through 9.03 suffer from multiple cross site scripting vulnerabilities.
30ba65e62713fe6095418decd4abb733bd8f2877feb82c9d1595e96fc2c03f2aBusiness Live Chat Software version 1.0 suffers from a cross site request forgery vulnerability.
ce27f7aee229138d952cf8d2435eb4aec6b21f40ec4ff582c7ee3c49ef97d2c0PhpIX 2012 Professional (Beta) suffers from a remote SQL injection vulnerability.
a7d2c1dad83a8e2dadaa2750e429478f35c735c63b192316935b65bd8f94d363Core FTP LE version 2.2 suffers from a denial of service vulnerability.
e2ab37670d91bc1c8ad507a3584060354b682133086609a64574cf7fed9da8cfApache Tomcat AJP Ghostcat file read and inclusion exploit.
2cb37d2adc51e868f0ba9c5b8b8f0150f2aacbb92a005b9a560ea332c4143aabEasy2Pilot version 8 suffers from remote SQL injection, backdoor account, and cross site request forgery vulnerabilities.
851a67bfd8ce384f26b48979d982f4ba8f81ab365429667ea3ce3ad73ebc3d8cDirectWeb version 0.4.0 suffers from a cross site scripting vulnerability.
d77b1c678881bde75ca97d7ebe5dff0397a1af27b70a9eee74d587c2a8bec01bCacti version 1.2.8 suffers from an authenticated remote code execution vulnerability.
56cc6422c5477bd9cb39748c97408cbda4d9c2b376cadcbfd9f1e8930b549790Cacti version 1.2.8 suffers from an unauthenticated remote code execution vulnerability.
b14631bfc6fe1d158869f68e3d4b39c3a7081d27db7f6278239eea4c70b81555Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands.
2c58b82819510289b2fd55d1c6a82b81b279777abd6a6b0db391f990ec12b148Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.
3617b8854e485e1d063e08764e96429e54c6b7bb0467d127e819133f80c925d5Astak CM-818T3 2.4GHz wireless security surveillance camera remote configuration disclosure exploit.
ad19dd11d7736fd3ada2ef71991e1c460b83b06c633d85a704dad751959e2c2aOdin Secure FTP Expert version 7.6.3 suffers from a denial of service vulnerability.
3a1f3beac853f307a3dec540dfb41e2f7a1608f74b3bdcb720afcaa8658f97ecMagento WooCommerce CardGate Payment Gateway version 2.0.30 suffers from a payment process bypass vulnerability.
faccc20610a3a485e40c8340014f14252b181308de06bde1189b8099b5152e83
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed