This archive contains all of the 233 exploits added to Packet Storm in March, 2021.
422b36d3f353e5d326732b3a5dadabe3b17d488389620879030568181638bfdb
Backdoor.Win32.Burbul.b malware suffers from bypass and man-in-the-middle vulnerabilities.
ad0e9ad069b7a492e94bc717fcb4d4cb336ceb2993d94d7301f2e8e08d2538e4
IRC-Worm.Win32.Silentium.a malware suffers from an insecure permissions vulnerability.
a858aa6f954f6eb267908dd506d8e509ad0831de083ae345353bd5a536e89ff5
DD-WRT 45723 UPNP buffer overflow proof of concept exploit.
a012a17d9ce0e0d95f7e95db692e5e14fa8c4f7101947dc62ddf80c2c524236d
CourseMS version 2.1 suffers from a persistent cross site scripting vulnerability.
dbf55a8d9aec923ba1b50113fb4b0695591fcc4cfb9d14287a183c8e0842791d
Zabbix version 3.4.7 suffers from a persistent cross site scripting vulnerability.
c09e97f233a32d679c9284d9f2b902da7ba1cd81163c6a8b9a66ac3aa77e5f7a
Openlitespeed version 1.7.9 suffers from a persistent cross site scripting vulnerability.
3133e3365c00ccc6612cb63e305f868ea946b516bf1f313e30609f885d05906a
IRC-Worm.Win32.Jane.a malware suffers from bypass and man-in-the-middle vulnerabilities.
191ac29081f2ca8619931764c586208a2350de206e6cdbfdd1ced905a42dd25c
GetSimple CMS version 3.3.16 cross site scripting to remote shell upload exploit.
ff447b6110d359109791159d602b028e64b080305d8c9119c22a55bb1534f865
IRC-Worm.Win32.Jane.a malware suffers from bypass and code execution vulnerabilities.
84bdcfead9c0f21862044afa650faa1aa76ad0e117acd2120ea049e9f5326271
Health Center Patient Record Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
3af9900b2d7f4bdd8e06f38fa12ca466213c2f8c83b234b0bd53fb73f96ee32c
Health Center Patient Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
30b359ed7718814adfd99b7294bc09d230b66af0bfb6c2ecd479163ed7f99024
SyncBreeze version 10.1.16 suffers from an xml parsing stack-based buffer overflow vulnerability.
4e4aac841e14be7d1d1bbb56ffc40470dcb45388adce30f8c3efd1aa5db9526d
Project Expense Monitoring System version 1.0 suffers from an authentication bypass vulnerability that allows for administrative account creation.
5e825ac5644b47c21d2660c8a1b44c8f20a7df5ae2136bc09ddaf9e9adfc51c1
Project Expense Monitoring System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
5792f063f5e0bce522ad6ead3ec7f60d3be0cf2b2815844d78353c41ec7541dd
Budget Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
454bf7ddb20b072f4c10afd236d094755b9314285d73c80b4f6d249b8bb563cf
Equipment Inventory System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
3e0f078c9d219489e2d855a81a04b7614842ae43d5c0c552139b9381be4471af
vsftpd version 3.0.3 suffers from a denial of service vulnerability.
71ee1380b9d63f9f1dab1c9683f8127c0251426f939688ea47b83c9268dc1dac
Novel Boutique House-plus version 3.5.1 suffers from an arbitrary file download vulnerability.
0ec465e44d38be2f29340b6a95314a988f35cfbdadad1553447259ab0ea0ba9b
Concrete5 version 8.5.4 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting in this version is attributed to nu11secur1ty in March of 2021.
85b90184d4fc5f1bb1bad2e1800e72fd5f21249b52f09b95dfbc02fe3864fd2d
Backdoor.Win32.Delf.zs malware suffers from a code execution vulnerability.
4a5d3b89e3bd8aeb3967a57fbde5fc5f72b548929392f50c8f378b8a7b2c7fb4
WordPress WP Super Cache plugin versions 1.7.1 and below suffer from a remote code execution vulnerability.
18a64716dacbf0e8c19c600cecb0946447c3ee415cd85fdf4b26eac64a846b13
Id Card Generator version 1.0 suffers from multiple cross site scripting vulnerabilities.
666e78b300e1a151c8982d3f2431665678bd06e5c082424c6516b72d0161988b
Moodle version 3.10.3 suffers from a persistent cross site scripting vulnerability.
42d3462e082c64cfc36100896fbf7766b3b9ff2995b24c3ec2b1173c458f0db6
This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information about connected SMDAgents allowing an attacker to send HTTP requests (SSRF) and execute OS commands on the connected SMDAgent. Works stable in connected SMDAgent with Java version 1.8. Successful exploitation will allow unauthenticated remote attackers to get a reverse shell from connected to the SolMan agent as the user under which it runs SMDAgent service, which is usually daaadm.
0d5122d6fb0ba7f681b7229fc5c197780b51710c6395404115ad8686072b2b08