This archive contains all of the 140 exploits added to Packet Storm in July, 2020.
bc41a2bdfd55e0b3f722bba319f94065165fbaf06fad15311618e804c224576c
iOS suffers from a Page Protection Layer (PPL) bypass due to incorrect argument verification in pmap_protect_options_internal() and pmap_remove_options_internal().
32cee1a372a12e5942e506e272fddc32f9ae961ee5184a1f29319a3e36fa6521
This Metasploit module exploits a race and use-after-free vulnerability in the FreeBSD kernel IPv6 socket handling. A missing synchronization lock in the IPV6_2292PKTOPTIONS option handling in setsockopt permits racing ip6_setpktopt access to a freed ip6_pktopts struct. This exploit overwrites the ip6po_pktinfo pointer of an ip6_pktopts struct in freed memory to achieve arbitrary kernel read/write.
00b0e1e6a5651af403765318e00556b0c8953f9ef2bbda38acb929b269045b6a
A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint is installed and configured. The vulnerability is related to a failure to validate the source of XML input data, leading to an unsafe deserialization operation that can be triggered from a page that initializes either the ContactLinksSuggestionsMicroView type or a derivative of it. In a default configuration, a Domain User account is sufficient to access SharePoint and exploit this vulnerability.
34f2633fdb04b0ab14dd5a0aedaf3e5d3b9e387d4d8619fbdd31dabb809602b6
This Metasploit module exploits a buffer overflow within the CA Unified Infrastructure Management nimcontroller. The vulnerability occurs in the robot (controller) component when sending a specially crafted directory_list probe. Technically speaking, the target host must also be vulnerable to CVE-2020-8010 in order to reach the directory_list probe.
e8a39681b3226039c089f38664d93db9e42e085ada3d1e0f014237aa468bd3c9
Online Shopping Alphaware version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c9c9c9485eca29f72f51a446d9758fd84d888d3463396be08d55e65155981fca
Online Bike Rental version 1.0 suffers from a remote shell upload vulnerability.
9d65a298b050a5b43708ca479a4d023a523e9e32c643aa86a173c413bd9ae026
Daily Tracker System version 1.0 suffers from a cross site scripting vulnerability.
37211990b92e06b8e30d593c2ad3ba20a97371dcc1889e35595564725e17ecfe
Daily Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a8be4ff2a62d77c301deb8c022913ab021be0ba97c5458a6e843f74c9b13d029
Namirial SIGNificant SignAnyWhere versions 6.10.60.25434 and 6.10.100.25817 suffer from a persistent cross site scripting vulnerability.
f1f328b29dff74e4d952fa4373e9d20661bd0e05eaba6a1b6734c53afefab851
This Metasploit module exploits an arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1, victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP-specific XOR key from the panel gate and registers a new victim to the panel by adding the selected payload inside the victim logs.
eead6190f3debc909c6e03fa4150c29da6936794b738a1702f89596b906fc97f
WordPress Maintenance Mode by SeedProd plugin version 5.1.1 suffers from a persistent cross site scripting vulnerability.
ff87ceae26dd08e823ae8410b57da1b1ea9f383506b8de5ebf0a1cd8ff0346f7
Cisco Adaptive Security Appliance Software version 9.7 unauthenticated arbitrary file deletion exploit.
9bff9df7bc31ade0ee6b87d153b448191f71eeb26ef4d1d4589e805582f16722
Adaptive Security Appliance Software version 9.11 local file inclusion exploit.
247cefda8529660c011d201a2b76720f081ad633e4d40f0c6ed55ebcb57f6f36
This Python script checks whether the target server is vulnerable to CVE-2020-3452, a vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) products that can allow for remote file disclosure.
f3d076dbbf728c5d5918c4039d0eaa629b5d9f90b1358b60f76542b5b020352c
Socket.io-file versions 2.0.31 and below suffer from an arbitrary file upload vulnerability.
711ef348c9b7a811fcc015a0073c09cabd304fdb53657ca775b0e1598313780e
pfSense version 2.4.4-p3 suffers from a cross site request forgery vulnerability.
fc6d23f0b394e0b5d17c407613ef674c7136745576f242d1f0be3d36a0d6a9eb
Virtual Airlines Manager version 2.6.2 suffers from a persistent cross site scripting vulnerability.
9f872ad5a6c09d808452faea6191e3f7b16e14d2e4b1d00aa1a017f89ec9b3e2
Ruby On Rails version 5.0.1 remote code execution exploit.
683d5a9b1afa700a03c9691bb24a66690a1d3638f1a51a479caba5d775183dde
docPrint Pro version 8.0 Add URL SEH buffer overflow exploit with egghunter.
dd4e98dd5e747ae94567317968876aab24b660fd50456fe60182d6b1a637bca2
eGroupWare version 1.14 suffers from a remote command execution vulnerability.
a381aecc119f269641e3b708ad05a450e09f92376931526387ffd0babdd9647d
Sickbeard version 0.1 suffers from a cross site request forgery vulnerability.
fb7ff74399dd41af73da61c6057aeca55faa383d2d9ac10051deeb6851a8d976
F5 Big-IP versions 13.1.3 Build 0.0.6 and below suffer from a local file inclusion vulnerability.
7b768dd9baf48ed6e7c7a355d7f0e0b923399ef39d904559aa23fe9980660222
Bio Star version 2.8.2 suffers from a local file inclusion vulnerability.
fe896d6e3b635c920392b7283d867dd70da7d6cfb284bd7a40ee17e1ea5a9dcb
Koken CMS version 0.22.24 suffers from a remote shell upload vulnerability.
2bc1af86e727dc1909fd277bb132f260edf7a54579fa53e50a566db82cc59cbb