This archive contains all of the 175 exploits added to Packet Storm in February, 2020.
MITREid versions 1.3.3 and below suffer from a cross site scripting vulnerability.
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
qdPM versions prior to 9.1 suffer from a remote shell upload vulnerability that allows for remote code execution.
Nimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability.
Chrome suffers from a heap use-after-free vulnerability in DesktopMediaPickerController::WebContentsDestroyed.
This function, reached through ioctl VS4L_VERTEXIOC_QBUF in the Samsung kernel, has an error case that cannot function correctly. It reads in an array of pointers from userspace and in-place replaces each userspace pointer with a kernel pointer allocated with kzalloc(). Unfortunately, in the error case it will iterate over all the pointers in the array (regardless of how many, if any, were converted to kernel pointers) and call kfree() on each of them. Thus, all it takes to call kfree() on an arbitrary number of controlled pointers is to make the second copy_from_user() fail after successfully copying in the desired number of pointers to free.
XNU suffers from a use-after-free vulnerability in tcp_input.
In the Samsung kernel, the /dev/hdcp2 device ioctls seem to implement no locking, leading to multiple exploitable race conditions. For example, you can open a session with the HDCP_IOC_SESSION_OPEN ioctl, and then close it in multiple threads in parallel with the HDCP_IOC_SESSION_CLOSE. Since no locking is implemented in hdcp_session_close(), memory will be corrupted and the system will become unstable.
The function __vipx_ioctl_put_container() in the Samsung kernel calls copy_to_user() on a vs4l_container_list structure that contains a kernel pointer, exposing that kernel pointer to userspace just before it gets passed to kfree().
Comtrend VR-3033 suffers from a command injection vulnerability.
PHP-Fusion CMS versions 9 through 9.03 suffer from multiple cross site scripting vulnerabilities.
Business Live Chat Software version 1.0 suffers from a cross site request forgery vulnerability.
PhpIX 2012 Professional (Beta) suffers from a remote SQL injection vulnerability.
Core FTP LE version 2.2 suffers from a denial of service vulnerability.
Apache Tomcat AJP Ghostcat file read and inclusion exploit.
Easy2Pilot version 8 suffers from remote SQL injection, backdoor account, and cross site request forgery vulnerabilities.
DirectWeb version 0.4.0 suffers from a cross site scripting vulnerability.
Cacti version 1.2.8 suffers from an authenticated remote code execution vulnerability.
Cacti version 1.2.8 suffers from an unauthenticated remote code execution vulnerability.
Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands.
Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.
Astak CM-818T3 2.4GHz wireless security surveillance camera remote configuration disclosure exploit.
Odin Secure FTP Expert version 7.6.3 suffers from a denial of service vulnerability.
Magento WooCommerce CardGate Payment Gateway version 2.0.30 suffers from a payment process bypass vulnerability.