This archive contains all of the 187 exploits added to Packet Storm in October, 2021.
529d0071e24892b1e737716ede4686e4a57351d36cb67e8739ad5de37accbd10
WebCTRL OEM version 6.5 suffers from a cross site scripting vulnerability.
b213132aebbf39e3ca67659abd1d952d0a1b8c21607a2b98818cdd628295ab9f
WordPress NextScripts: Social Networks Auto-Poster plugin versions 4.3.20 and below suffer from a cross site scripting vulnerability.
3b243357482f55615e13c6f86d3c5f7e5661b3bdb1e7d084a3489717be01ceda
This Metasploit module exploits an XML-RPC API OS command injection vulnerability in Movable Type 7 version r.5002.
9c1d6d041399f21f06d09819aa8fd5bedc69705e7ec269c952276194f3e11c65
Android NFC suffers from a type confusion vulnerability due to a race condition during a tag type change.
08fb25b7d8382b17929eba513aa143b8803817300bc39c7324b97c461ec1858e
Mini-XML version 3.2 suffers from a heap overflow vulnerability.
b37fee5b647ea11aa9620e901d553c7936b8122204082ec9a384dff855e860d8
Umbraco version 8.14.1 suffers from a server-side request forgery vulnerability.
b6a417c2e4696d3a232a182e939111a6bc9672483416f989f2c1b1c01909b5cc
This Metasploit module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user.
e60408784254ddfee031c720b657d15c09df5d27e903311833f4a7f181588725
Backdoor.Win32.Prorat.ntz malware suffers from having a weak hardcoded password.
3242b7623dddcedfdaa1321d459bb30a8fe2211541d728a66a0771f0c38c14e3
Backdoor.Win32.Prorat.ntz malware suffers from a man-in-the-middle vulnerability.
b496833c9943b356b5e36c3d403fc166db28d62f58c8ad54909b0349ddab2d12
By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 (released September 8th 2021).
fdef0aef0e912b6be1749a8d91235a8ce5f95d8c64ee36efaa66917951a81206
Virus.Win32.Ipamor.c malware suffers from an unauthenticated remote system reboot vulnerability.
84db975e201fa02c407f637fb81a3da8c99949352d8dcd96e7019bd77a849227
Backdoor.Win32.Antilam.14.o malware suffers from an unauthenticated remote command execution vulnerability.
e3ec579760331c3311245a4085bc3f661d2fcb2136789fb325b557865cc8541e
HEUR.Backdoor.Win32.Generic malware suffers from an unauthenticated open proxy vulnerability.
63970f0c1a53eb495ab4fe23cb39480889a373c2b844d7684e1533cf0dc070e3
Backdoor.Win32.Mazben.es malware suffers from an unauthenticated open proxy vulnerability.
173e6bf535ccd9b1964aaa19cd997d19c2e872f9160e2af34af09f1a13421313
Hostel Management System version 2.1 suffers from cross site request forgery and cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Kokn3t in October of 2020.
c25a1cf3e43fddf34b3dba5ae1ca94327edad0924a642a4cba70ea26c887ae6b
Backdoor.Win32.Hupigon.afjk malware suffers from bypass and code execution vulnerabilities.
e88083e56cc22443cfc05356ba29a0167905e994f2e84a847ee2ae8ae05f67e4
Backdoor.Win32.Hupigon.afjk malware suffers from a man-in-the-middle vulnerability.
6b2f003a1b543353ead8da56a0fc62fb2a653d2e3664170784d65781cd8aa71d
Backdoor.Win32.Hupigon.afjk malware suffers from a directory traversal vulnerability.
05d61f0a82f4efaed311b1b2abb9498038be8c7827ab8ec304b31ae59c970d88
Backdoor.Win32.Hupigon.acio malware suffers from an unauthenticated open proxy vulnerability.
eb96ad8d71f6c7c5b23f5e004070435ee69ec0fed3803691669fa6154b7986f0
WordPress Supsystic Contact Form plugin version 1.7.18 suffers from a persistent cross site scripting vulnerability.
3323df57b8923efdf98df1404c93ea1e5214d151574ad10b00cb85081bd9cc42
Backdoor.Win32.Hupigon.acio malware suffers from an unquoted service path vulnerability.
29b17d8a1dde1549c3b2a9f5bbbd0cadd035ff28ff9aa377cebbe1166a6cdfc7
Backdoor.Win32.Delf.arjo malware suffers from an unquoted service path vulnerability.
ce98423c38a20733de2db341c34d197e2a31b68690e9ba1d3c0c0ccd6f0832c4
Trojan.Win32.Akl.bc malware suffers from an insecure permissions vulnerability.
5fd3a44feb944d9dcb38f70663514713fe5a5f8eeedf65975dacde025a8d7353
Ultimate POS version 4.4 suffers from a cross site scripting vulnerability.
caa1edeed640ae5247dc146dd676283c8f8a10a41349ea5caba714d220ae28d9