This archive contains all of the 128 exploits added to Packet Storm in August, 2020.
fc6a187c67bce9ab49a95c0bd50043a6b006fefc5d97c521e4c3172dd7afc14dCMS Made Simple version 2.2.14 suffers from an authenticated remote shell upload vulnerability.
466604865198fdf4efa8981ffa24845171d3c810353f943f64e436efb0db7782Fuel CMS version 1.4.8 suffers from an authenticated remote SQL injection vulnerability.
2ea0ddfd95dc94a17243b871567489e22e7f921ef8c379a71e6218b4ce47dc0aBlazeDVD version 7.0 Professional local SEH/ASLR/DEP buffer overflow exploit.
3214705b025f4b4c09036bdb5d37064c69c2fd782bb9dda774a65ceb209f38b0Online Book Store version 1.0 suffers from a remote SQL injection vulnerability.
889485056ea0278e03e33c2e37637e47e02417c5c9ffd5e84492bdf987f9cc93TP-Link WDR4300 with firmware versions 3.13.33 and 3.14.3 post-authentication remote code execution exploit.
efe1a7401f03a5f9c81b8eb4bb60d718a7f4ccad13e2f144afa2bfb2bac9dfd5Symphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.
2e44366f893d3e12294a36d49eeaca34428e4d82f50595d15725bbc37035ee42WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.
22351f0d0d7c3f44bb5f337f9236dda428c979d350043aa67d965801fc39d337SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 suffer from a local privilege escalation vulnerability.
e338d1a038c462ffe3d9181e3b9e8eb1c580efd207a6480e628ceddc80e9935bNagios Log Server version 2.1.6 suffers from a persistent cross site scripting vulnerability.
0cbb3b91d14242f1ed289d73d97c2121efccdce37c5db3a5293e44fad703220bZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.
4f066c4a8cdc5c194bf13e721d902a077e402bf503eb72e35b7aa253ae12cbc4Eikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution.
cefd3a573b7ca1df14112830ceb07fbac0edea5f7fa5c698ca9c4056ae2633ccMida eFramework version 2.9.0 suffers from a remote code execution vulnerability.
1d91860562323de0b96d48e3fab2bd5c3cff83336de0debd04431d028e64421aASX to MP3 Converter version 3.1.3.7.2010.11.05 .wax local buffer overflow proof of concept exploit with DEP and ASLR bypass.
7f84c77ff7d0602ebf55956621de4d05257783b831769bc70810340d9c65606bChrome suffers from a missing array size check in NewFixedArray.
f965bb8845cbd743f6e39b8ef9f5d5bdc466ca80d449a696894d54259e1e0c44A Linux copy-on-write issue can wrongly grant write access.
fb12dc1d9b3c3b8710974411c8e04357da6fc10cd0ae77c98600c7e8fdfa8813LimeSurvey version 4.3.10 suffers from a persistent cross site scripting vulnerability.
cad7a2d628bc94ce40dffb4a6b2b190126d7c4340fcc10dd46b615020e134487Ericom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. Version 9.2.0 is affected.
be074654b32c8f5acc5a65ebfb2346bf9d5c96f828c3e11ce96a91c39d1bafefEibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation and authentication and gives the attacker the ability to create any user with any role and bypass the security control in place and modify presented data on the screen/billboard.
21b41f43af648dca662d0ab37642578564bfab81368e243c65e5691dcaa6ebdeEibiz i-Media Server Digital Signage version 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.
0d192381d844963ab4c8b3ddc8c524eb72ca395130b9ffd616038a9114703f4eEibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object (part of ActionScript object graphs), effectively elevating to an administrative role or taking over an existing account by modifying the settings.
3bf4ec39b2a0441671c1f3efdce8c8ed94b5e7df19f1cb7c73ed27a82277da18Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated configuration disclosure vulnerability.
a97197dcba6a888b4ff5eb9cf844c8008659f343aa9bc34666c47cbcd4a02cc4The handling of KTM logs when initializing a Registry Hive contains no bounds checks which results in privilege escalation.
0ae399542cc10a8ccc557083deb691282149c87bc3ab0445c6922d410bec88eeThe handling of KTM logs does not limit Registry Key operations to the loading hive leading to elevation of privilege.
dc36265f20912463478c32c5203d3f4e619cc492c989532a060ccc10362e3045Seowon SlC 130 Router suffers from a remote code execution vulnerability.
2c2caed94290b76cf2dcb160e2fa1928c1b317ff58fa6be49af50b2e9dfe1014
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed