This archive contains all of the 97 exploits added to Packet Storm in September, 2020.
4ff91bd662df0a99640af224386b9628158a60690cb36827812fbec042bea43aThe installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.9.00086 is vulnerable to a DLL hijacking and allows local attackers to execute code on the affected machine with with system level privileges. Both attacks consist in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service.
74ae12d312c6c46fa9f122b2a106d803de515d0b707dfe34720c066dd56a2680MailDepot version 2032 SP2 (2.2.1242) suffers from a session expiration design issue.
700f980163d0fca1ea48e794d6af4f154b44ba1253811ef8c5c1d57d881a5603DOMOS versions 5.8 and below suffer from a command injection vulnerability.
f79d55cd2e399530aae5ed6c8d32963564e7a1e6dcd732e4f4fc6cb4d787808fQiata FTA versions 1.70.19 and below suffer from a cross site scripting vulnerability.
ffa825bb3a9b050965fbf372d65a3eb70ac962e897f3c02dab225c86de686b1cWebsiteBaker version 2.12.2 suffers from a remote code execution vulnerability.
fa7e1552592e449fd97dc552bdebc64f0b917d21b1d2f57451d3ca16124dda74BearShare Lite version 5.2.5 buffer overflow proof of concept exploit.
a52c5f351ec08e7c33c7ea5194951670316464845b63be28459a553f59dc8844It appears that the corona virus Exposure Notifications API for iOS and Android may have a data leakage issue.
8e18dbc56574e080e742895300d9e809339058ef58eb5d6a3369cb6d7a66780aCloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be running as administrator.
fa72c3ffb403b1cf08f01966de80e025ee648636329bef78008faa0a5aee32e9Mida eFramework version 2.8.9 suffers from a remote code execution vulnerability.
c8c3442a86453108afc78a8c318c4066965ecee2291d2821b49be30d0944428dJoplin version 1.0.245 suffers from a cross site scripting vulnerability that can lead to allowing for remote code execution.
31ca9b8599ce9c83932797054a4edb9d935327170c17b0b17e8f585827a0591eMSI Ambient Link Driver version 1.0.0.8 suffers from a local privilege escalation vulnerability.
d3812dcad998d0f840196864aac543b840cbaf34007890de731a2ca9e42a75b2This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours.
3a60a69dcbeb7de997adcc7d739647b41b00df07ef99e3f346dd78c5b1f47616This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server).
46bcd0fb88548beb443fdf27155d8d4343ca495c9eb2a3289d06a46da4ac2b7bBigTree CMS version 4.4.10 suffers from a remote code execution vulnerability.
92f4a303fee246d434165dc019b78a49fcc67be677212629c4facc2f010f054cAnchor CMS version 0.12.7 suffers from a persistent cross site scripting vulnerability.
2288d0c14aa10c3089a21d3372596ca0880f0ee28d0af1aa294dfcf4eef0c75dSimple Online Food Ordering System version 1.0 suffers from a remote SQL injection vulnerability.
5be9ad3712f81aa3338ec6d04c94ef713c4e4f4a6227007e4eb1f455fa7c71f1Online Food Ordering System version 1.0 suffers from a remote code execution vulnerability.
b00e3e55a7092bb1191e37b676c6ea8eb89f153da41044bc07a0adbccb450ff2This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and successful exploitation of this vulnerability yields remote code execution as root on the remote system.
078f133f8a5eb45e3921bb8de3c7d640fa15b03306907ebf439e915e4be64e2aAn unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data. Because of this, a malicious serialized object contained within a serialized SignedObject can be sent to the Jenkins endpoint to achieve code execution on the target.
3729c358cb302e4f78e19a3ad5a83bfe54ed6e185ea35041abb6038c065373daVisitor Management System in PHP version 1.0 suffers from an unauthenticated persistent cross site scripting vulnerability.
a2c9a67834ae7b5586ab0924c27409536188445292536240d0435a2a049b9826Visitor Management System in PHP version 1.0 suffers from a remote SQL injection vulnerability.
ab71e9e2d73f91afd6433dee7ea244f66a2b959b00c6468e3921bccb4fff8517Seat Reservation System version 1.0 suffers from an unauthenticated remote SQL injection vulnerability.
cb1c652d4ae15d8448990bede6751ce07de7adb24b5262b41a248c1d481c164fGoogle's osconfig agent was vulnerable to local privilege escalation due to relying on a predictable path inside the /tmp directory. An unprivileged malicious process could abuse this flaw to win a race condition and take over the files managed by the high privileged agent process and thus execute arbitrary commands as the root user (full capabilities). Exploitation was possible only during an osconfig recipe being deployed.
1cc92e5ebabd438a79296409a717f268826979019ed2cd8fa31fe695998e710eFlatpress Add Blog version 1.0.3 suffers from a persistent cross site scripting vulnerability.
b05ba3a8a8edfeb2bc69bce1cc9b801363648b1c925575a4dffaf8545342a5f4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed