This archive contains all of the 128 exploits added to Packet Storm in August, 2020.
fc6a187c67bce9ab49a95c0bd50043a6b006fefc5d97c521e4c3172dd7afc14d
CMS Made Simple version 2.2.14 suffers from an authenticated remote shell upload vulnerability.
466604865198fdf4efa8981ffa24845171d3c810353f943f64e436efb0db7782
Fuel CMS version 1.4.8 suffers from an authenticated remote SQL injection vulnerability.
2ea0ddfd95dc94a17243b871567489e22e7f921ef8c379a71e6218b4ce47dc0a
BlazeDVD version 7.0 Professional local SEH/ASLR/DEP buffer overflow exploit.
3214705b025f4b4c09036bdb5d37064c69c2fd782bb9dda774a65ceb209f38b0
Online Book Store version 1.0 suffers from a remote SQL injection vulnerability.
889485056ea0278e03e33c2e37637e47e02417c5c9ffd5e84492bdf987f9cc93
TP-Link WDR4300 with firmware versions 3.13.33 and 3.14.3 post-authentication remote code execution exploit.
efe1a7401f03a5f9c81b8eb4bb60d718a7f4ccad13e2f144afa2bfb2bac9dfd5
Symphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.
2e44366f893d3e12294a36d49eeaca34428e4d82f50595d15725bbc37035ee42
WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.
22351f0d0d7c3f44bb5f337f9236dda428c979d350043aa67d965801fc39d337
SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 suffer from a local privilege escalation vulnerability.
e338d1a038c462ffe3d9181e3b9e8eb1c580efd207a6480e628ceddc80e9935b
Nagios Log Server version 2.1.6 suffers from a persistent cross site scripting vulnerability.
0cbb3b91d14242f1ed289d73d97c2121efccdce37c5db3a5293e44fad703220b
ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.
4f066c4a8cdc5c194bf13e721d902a077e402bf503eb72e35b7aa253ae12cbc4
Eikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution.
cefd3a573b7ca1df14112830ceb07fbac0edea5f7fa5c698ca9c4056ae2633cc
Mida eFramework version 2.9.0 suffers from a remote code execution vulnerability.
1d91860562323de0b96d48e3fab2bd5c3cff83336de0debd04431d028e64421a
ASX to MP3 Converter version 3.1.3.7.2010.11.05 .wax local buffer overflow proof of concept exploit with DEP and ASLR bypass.
7f84c77ff7d0602ebf55956621de4d05257783b831769bc70810340d9c65606b
Chrome suffers from a missing array size check in NewFixedArray.
f965bb8845cbd743f6e39b8ef9f5d5bdc466ca80d449a696894d54259e1e0c44
A Linux copy-on-write issue can wrongly grant write access.
fb12dc1d9b3c3b8710974411c8e04357da6fc10cd0ae77c98600c7e8fdfa8813
LimeSurvey version 4.3.10 suffers from a persistent cross site scripting vulnerability.
cad7a2d628bc94ce40dffb4a6b2b190126d7c4340fcc10dd46b615020e134487
Ericom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. Version 9.2.0 is affected.
be074654b32c8f5acc5a65ebfb2346bf9d5c96f828c3e11ce96a91c39d1bafef
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation and authentication and gives the attacker the ability to create any user with any role and bypass the security control in place and modify presented data on the screen/billboard.
21b41f43af648dca662d0ab37642578564bfab81368e243c65e5691dcaa6ebde
Eibiz i-Media Server Digital Signage version 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.
0d192381d844963ab4c8b3ddc8c524eb72ca395130b9ffd616038a9114703f4e
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object (part of ActionScript object graphs), effectively elevating to an administrative role or taking over an existing account by modifying the settings.
3bf4ec39b2a0441671c1f3efdce8c8ed94b5e7df19f1cb7c73ed27a82277da18
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated configuration disclosure vulnerability.
a97197dcba6a888b4ff5eb9cf844c8008659f343aa9bc34666c47cbcd4a02cc4
The handling of KTM logs when initializing a Registry Hive contains no bounds checks which results in privilege escalation.
0ae399542cc10a8ccc557083deb691282149c87bc3ab0445c6922d410bec88ee
The handling of KTM logs does not limit Registry Key operations to the loading hive leading to elevation of privilege.
dc36265f20912463478c32c5203d3f4e619cc492c989532a060ccc10362e3045
Seowon SlC 130 Router suffers from a remote code execution vulnerability.
2c2caed94290b76cf2dcb160e2fa1928c1b317ff58fa6be49af50b2e9dfe1014