This archive contains all of the 231 exploits added to Packet Storm in January, 2021.
7cd2125f6c4866e1a36f09c05a6dddb980fa02f950983b794f462e761f335527Metasploit Framework version 6.0.11 msfvenom APK template command injection exploit.
0d9c5f7dc903dd1d7e2dd33b50690e3be7b460458dacf13578f2a28fa5ba3ec3Packed.Win32.Katusha.o suffers from an insecure permissions vulnerability.
a9b5e83001190ef68d071f5929c56248aad49dd3be5021af063c90e76906e12dBackdoor.Win32.MiniBlackLash malware suffers from a denial of service vulnerability.
990e85aa559b8d7872f4bd1d2d9c7414e72696a4e08982398c71d435a17e36c1Online Voting System version 1.0 suffers from an authorization bypass vulnerability that allows for the password change of other users.
b5602920743becf85d943b0687ceab51b1b1fe2b42685c27fffed369ebcea8e3BloofoxCMS version 0.5.2.1 suffers from a persistent cross site scripting vulnerability.
c6cc0a7902952943c480d0bed0bedebd44d4bb52108d4e042d32b75d376fb55aOnline Grading System version 1.0 suffers from a remote SQL injection vulnerability.
b03d85739dc18f083afd092e5bcc7421a9399a88f8fcb6b91fbece090f151f02Backdoor.Win32.Mhtserv.b malware suffers from a missing authentication vulnerability.
c2d962b6b33685f4a1b80d7ef4869d759d00c5699b31aa97936bf2d6accbf8a3Quick.CMS versions 6.7 and below suffer from an authenticated remote code execution vulnerability.
c14f2374f378b8f14bdd754ad6b876269ddc8433b34763841ada668656c12a01Home Assistant Community Store (HACS) version 1.10.0 suffers from a path traversal vulnerability that allows for account takeover.
06a8ea0658722e24ff3247bf292a001bb12ff1cf3cce3876e958d4add5ff945bBackdoor.Win32.Zhangpo malware suffers from a denial of service vulnerability.
5cb8723bcc0056e506df32a4a5bd6da484f5fa7c392b129308a901e46c9a4deeBackdoor.Win32.Zetronic malware suffers from a denial of service vulnerability.
58737cb63d2968feaacbe6dce8c7ad02a3d0289723f92f5a5dff7376fb89db3fMyBB Hide Thread Content plugin version 1.0 suffers from an information leakage vulnerability.
7f46b890703ec52c6f242ce37fd468e2f2fd79d720184202e24037508b01fd8bThis Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Due to a poorly validated input on the script name, it is possible to chain it with a user-supplied command allowing command execution under the context of privileged user. The module uses provided credentials to log in to the web interface, then creates and triggers a malicious notification to perform remote code execution using a Powershell payload. It may require a few tries to get a shell because notifications are queued up on the server. This vulnerability affects versions prior to 18.2.39.
c4ad3f67d521bd09be953b85a6d838485af4c4523264fbbbeb295896439dc54aThis Metasploit module exploits two vulnerabilities, that when chained allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected, but this module can probably also be used to exploit Operations Bridge Manager (containerized) and Application Performance Management.
59be14dc0b274846876d82ee91afdb255998980f7c79be4eb7f93d0f3ff0e005Chamilo LMS version 1.11.14 suffers from a cross site scripting vulnerability.
66912e34644409efcf1b7788f9989030b4429b09a9c1f83c3d68aaa2c0bfe80bWordPress SuperForms plugin version 4.9 suffers from a remote shell upload vulnerability.
d458dde25704ae9a84a9cb8589e1f0919761a65c226dcceea735075c88a51263jQuery UI version 1.12.1 suffers from a denial of service vulnerability.
a55ca73bbc5f68717781c8e410b1c0e9e38ac04872d990743803f483068e5332CMSUno version 1.6.2 authenticated remote code execution exploit. The original discovery for the vulnerability leveraged is attributed to Fatih Celik in November of 2020.
2477146e721d33c19e7c9e103dfd83b0cfc4343413f007eb0260e88e64259065EgavilanMedia PHPCRUD version 1.0 suffers from a persistent cross site scripting vulnerability.
698c586a1a7eeb7ff48dbd8ffc3ab17d4a04e04cb2345f871dc7e60b482e6822Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.
49c51fff2702ea3bb7dc155cf79d48dec6f6a7a00b13a95caf7f36a3f59b319fSTVS ProVision version 5.9.10 suffers from a cross site request forgery vulnerability.
bda8da5ba4074ffde06a720da61629ec99f9e38178e55525b86f31b97249e06aSTVS ProVision version 5.9.10 suffers from an authenticated reflective cross site scripting vulnerability.
0a9cb640eba6a906669801ecbb7614d41554d0eec07360c9f66358b489afe850STVS ProVision version 5.9.10 suffers from an authenticated file disclosure vulnerability in archive.rb.
01a27757ea3497d36138ec572cd914a1a6377e2a9a85bff332026c247bfe5accRevive Adserver versions 5.1.0 and below suffer from multiple reflective cross site scripting vulnerabilities.
190f88d88bd59a6e458fe50325d73d4011e9b7ef2b33f6962a495f46bb142f9a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed