This archive contains all of the 137 exploits added to Packet Storm in November, 2021.
17fff5ce91cd2385028fa864df1fd7fa8336400d28b124a54ec241a1307df8e0
Laundry Booking Management System version 1.0 suffers from a remote code execution vulnerability.
4fa611a63914027d2b69ac12ecd58007b1fccc9848be217cea672bc6d12cfc21
Orangescrum version 1.8.0 suffers from a privilege escalation vulnerability.
c8c7f43730e3d76d57c14dd79b7de6777f9c15f990b2d77ec8733b0f1c8adc65
Orangescrum version 1.8.0 suffers from multiple remote SQL injection vulnerabilities.
ee836ffb8ac4c8f04caa3e9f4ba0532ab1071de3f53ff4d1759481a59c64dc5c
Orangescrum version 1.8.0 suffers from reflective and persistent cross site scripting vulnerabilities.
086abb0c5e3fa09d0deee6332c6925901258a976ee960fd564771e04be6e288f
Opencart version 3.0.3.8 suffers from a session injection vulnerability.
561fd8e448b1a816549d320dca97e950c1f9fa221646cdb868f4a98f0da0d041
This document aims at explaining some recent vulnerabilities in Apache HTTP Server that leads to attacks like path traversal and remote code execution.
f1aae18afbd9ad17a4af83ba0fe8f963226438309f210e48576d57b0bdf705a2
This whitepaper provides an overview of a Polkit authentication bypass vulnerability that allows for local privilege escalation.
93e86eaad4a245a57200302487bb9941411bfdb877a212d1a63b777283e5ebdb
Nextar C472 POS suffers from a dll hijacking vulnerability.
c6e9e5fd44e33cac1c1c6907b29faa8c9d0aad5d2bbc186391b6abfbce80c4c9
This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus - which is SYSTEM if started as a service.
258a080b77eaface80577b4886f47493eafef016bf16d63a1567107d6f5b76cd
D-Link DSL-3782 pre-authentication remote root exploit.
39250461aeadf7ef7255a1a2d870e1e43ea66083e97d1b047cdd0a89783991a9
Backdoor.Win32.Coredoor.10.a malware suffers from a man-in-the-middle vulnerability.
3bbbf35644404af56101ec9f3a27b6ac3bd28082a587b7f58b4524e7478f545a
Email-Worm.Win32.Deltad malware suffers from an insecure permissions vulnerability.
66243679323269793c782e6c8a7e8a4a1b44e4aca08136880f17dc8b4c55b85a
Backdoor.Win32.Coredoor.10.a malware suffers from bypass and code execution vulnerabilities.
9088036880d3dba7ccee522afa54bd69cf3f4fd36e962371bf3426b87a962b9f
Bagisto version 1.3.3 suffers from a client-side template injection vulnerability.
740924052302766ae4284569cb8f15de130e0ada88815cea3e02747f211eb2e7
Gerdab.ir suffers from a remote SQL injection vulnerability.
3658342384327aa02440e31087e45925ad4cee576132b6f0e1ebc3447156c002
Apple ColorSync suffers from a use of uninitialized memory in CMMNDimLinear::Interpolate.
c6e92780fc2927adc2e9e480e3f3df311d03eb907303e5535429ca81152d95f9
HTTPDebuggerPro version 9.11 suffers from an unquoted service path vulnerability.
1ff5f55b83b9c2310c19e5b97dff43761b3dd8a9c3cfe13e86116c0d1630ee88
CMSimple version 5.4 local file inclusion to remote code execution exploit.
a4b05d1e2b8f3b37a0772e0d7ce7cf15dca4169ffda490cd7eba79ae80aacc7a
The Serva TFTP server version 4.4.0 can be brought down by sending a special Read request.
970939db6fbd0ebf925fd0e54355815383b1cfb8d622f4af947f399b14ea02da
WordPress WP Guppy plugin version 1.1 suffers from a WP-JSON API sensitive information disclosure vulnerability.
0c184ef5480f8c0da90f3e998eda5373612fb8589ab006d4fb7fc530d12db79f
Linux kernel version 5.1.x PTRACE_TRACEME pkexec local privilege escalation exploit.
8d5c414fa51cc67f0202260354e046cc0dfc7b5fd8dbc677b42d007fa51ef016
Webrun version 3.6.0.42 suffers from a remote SQL injection vulnerability.
6b1cc1e03ded80438e3b3ae928ba7c7f2ff8111f18472811355b96c6c8c562f8
FLEX 1085 Web version 1.6.0 suffers from an html injection vulnerability.
2ce54edd9758e61d9f66041bd0461c61b5f7135aa98da49b7508c369fbbd421e
GNU gdbserver version 9.2 remote command execution exploit.
533629709473150a4e5147c1ec146d2de2d5a91ff1beede2df873a63f1c0aba4