This archive contains all of the 130 exploits added to Packet Storm in January, 2023.
ea59f7d618d1f8fe8f750faa31ef909e70fc61e5274fef5dd74a9c65027bb7bfControl Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.
00cb85e5ab25f2d5091aa8c72d9d5252d08919dce9dbd37743bea7469e5dbc51PHPJabbers Business Directory Script version 3.2 suffers from a cross site scripting vulnerability.
d2557e411d456bd34555a2aacdc580e243ce6132afdd23ed9686aef6b539969ePHPJabbers Auto Classifieds Script version 3.2 suffers from a cross site scripting vulnerability.
a763dffdb3d9d66af1165c31dde196ceb865df88853aef37d01989c9d9427a14mRemoteNG version 1.76.20 suffers from a weak permission privilege escalation vulnerability.
aa08068eda449c43f5c76d0ec56fca19930c2ac6719246bec693e3037f692da6PHPJabbers Car Park Booking System version 2.0 suffers from a cross site scripting vulnerability.
692a826df097e4229d209944d70fe7f7799c532b5e037c41aba1f0ba9bebb91bZstore version 6.6.0 suffers from a cross site scripting vulnerability.
653905fd4efa9030f79aa84e990c72cb875f0be6933e755e36678f4aa2c9a0c8PHPJabbers Event Ticketing System Script version 1.0 suffers from a cross site scripting vulnerability.
8fab16cdc74a1a2eec65f585cba5d399670dcb6b308f9255fea72f9fbd84df1aPHPJabbers Travel Tours Script version 1.0 suffers from a remote SQL injection vulnerability.
ca11533d20acd6bee2a211d4e3de4c988afb414b29686bd6473042b4b019f864PHPJabbers Travel Tours Script version 1.0 suffers from a cross site scripting vulnerability.
0a7f5b626d6393bcc255133a21566a6f163578785f29510c84d73418a28fd1fePHPJabbers Property Listing Script version 3.1 suffers from a remote SQL injection vulnerability.
a31fd6b56b7d7115984b30a6505b1ddcaee6cb5274d5e467b5411856220a7fd9PHPJabbers Property Listing Script version 3.1 suffers from a cross site scripting vulnerability.
302f3f53c1a0e807af0b328668c5cb8b327fd8eb8e22a11b9af1c012ac5056caRazer Synapse version 3.7.0731.072516 suffers from a local privilege escalation due to a DLL hijacking vulnerability.
b44857059280bd0c0f9219f18143442834c6560bf766c7639b847e7be7cb3329Micro Focus GroupWise is a messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in HTTP GET requests in the URL when email content is accessed. The exposed session ID can be recorded in the browser history of the client and in log files of the web server or reverse proxy server. A possible attacker with access to the browser history or the server log files is able to take control of the user session with the help of the session ID. Versions prior to 18.4.2 are affected.
45d877f2bc8d1d68f308fad7fe918c90f982d284964eee41b93805a3c6fb1ad2PHPJabbers Car Rental Script version 3.0 suffers from a remote SQL injection vulnerability.
da611ec0ad9f60f8789a0b37c087ba77ab18171db28eb201e5d8c4312ef65403Secure Web Gateway version 10.2.11 suffers from a cross site scripting vulnerability. RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk arises from JavaScript code allowing for cross site scripting.
f0bbf9c04ccb2873653f86035ec08f7b9388e540d28d2f705eaf53a75692bfeaInout Jobs Portal version 2.2.2 suffers from a cross site scripting vulnerability.
6f3be2d31feb3d9c7a0c800ce5810ede460356e4aec96ec7e16f05115241db1aInout Jobs Portal version 2.2.2 suffers from a remote SQL injection vulnerability.
9f8b4b7af85a0ac5ff2162e8db5b902d70686fae9043406cbad209c183367ccfInout Music version 5.1.1 suffers from a remote SQL injection vulnerability.
77e27e4a02fc7a2e3b12e40b81fb4fcccd78c51d27a51a95afd57db9e134c114This Metasploit module exploits an unauthenticated command injection vulnerability in Cacti versions through 1.2.22 in order to achieve unauthenticated remote code execution as the www-data user.
e63c1aedc4dd728df608137b19687c9e69ec0ae051a555280b58f4cc45f05eb6Inout Search Engine version 10.1.3 suffers from a cross site scripting vulnerability.
c32df83849d238b031091b57cbe551049a10b3a034d6d248af9e813f15050385Inout Homestay version 2.0 suffers from a remote SQL injection vulnerability.
ddd17c54c1ad77326efd7f4df4ae548147ee2c630ceb187f992d756190a45d19Active eCommerce CMS version 6.5.0 suffers from a persistent cross site scripting vulnerability.
bd1b8525d134e8539153037cbd2b3ebad280be2852c627e63b5bf9be93e5ebd0ERPGo is a software as a service (SaaS) platform that is vulnerable to CSV injection attacks. This type of attack occurs when an attacker is able to manipulate the data that is imported or exported in a CSV file, in order to execute malicious code or gain unauthorized access to sensitive information. This vulnerability can be exploited by an attacker by injecting specially crafted data into a CSV file, which is then imported into the ERPGo system. This can potentially allow the attacker to gain access to sensitive information, such as login credentials or financial data, or to execute malicious code on the system.
801e5c6092682a2b27f17597b4056f7e77672f236eae2def67958ed0d9232464Inout RealEstate version 2.1.3 suffers from a remote SQL injection vulnerability.
ffa3447c61c56fe4c310a17f891e52d6098984d03dfc9fd65cd0e880839be912
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed