This archive contains all of the 173 exploits added to Packet Storm in May, 2023.
3f39d22e54526c7d409e403a1a6382ca215777d5cae90bbe636eca920ce8f752
On Qualcomm Adreno/KGSL builds where CONFIG_QCOM_KGSL_USE_SHMEM is not set (or on older KGSL versions without CONFIG_QCOM_KGSL_USE_SHMEM), KGSL allocates GPU-shared memory from its own page pool. Pages from this pool are inserted into VMAs that don't have any weird flags like VM_PFNMAP set, which means userspace can grab extra references to these pages through get_user_pages() (for example, using vmsplice()). But when GPU-shared memory is freed, KGSL puts the freed pages into its own page pool without checking the page refcount. This means that pages that are still accessible from userspace can be reallocated as GPU memory by another process.
912899972d766ddbe72f5a9e3255c982b1f4d47a09b7d4e6f29f8440583aa47c
Qualcomm Adreno/KGSL suffers from an unchecked cast of vma->vm_file->private_data in kgsl_setup_dmabuf_useraddr().
607fa965d699b8530e3007ef7ceaca726a5ef18f66dd831e4ec632ad32adcccd
WordPress ReviewX plugin versions 1.6.13 and below suffer from a privilege escalation vulnerability.
1c2eca8ad1720a71bcac303fcf5dc619660f13c02ebb872e57cb73b4594ef46f
Lost and Found Information System version 1.0 allows a staff level user to adjust administrative controls.
7400ab6049de4dddfcdfd454ab83d447a594ba9c2bffab3956a8231dd11a7b29
Microsoft GamingServicesNet version 12.77.3001.0 suffers from an unquoted service path vulnerability.
f646d15b94eb25a9e33e9b98a5da9499fcc1db0453cea3b315f41964952474a9
Apple Zeed ALL YOUR STYLE CMS version 2.0 suffers from a remote SQL injection vulnerability.
b2b4efdf6407c97da1fd4879b1060ceb3e8610f81ecf9ca9405dfa82f22caab8
Vaskar Courier version 3.2.0 appears to leave default credentials in place after installation.
05544a17c90ad511b085197b405bbd4110682256b8d689ce8540a01ad27dbc84
Wekan versions 6.74 and below suffer from a persistent cross site scripting vulnerability.
5f6a618a585ca68e8d37984d4e6630f7467ca93dcc564f837032ebe7f0466fa4
Serenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token vulnerabilities.
0c6c4576c7182cef60f1720011b706cffbe6a3ce7cde23ea97cdccf7a4dc0430
Pydio Cells versions 4.1.2 and below suffer from a server-side request forgery vulnerability.
e80dc14f94f6e8fcaa9d6b4c38de47e89b02fbf48eec2911feee938e8da47d63
Pydio Cells versions 4.1.2 and below implement the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross site scripting vulnerability.
5572c0a56c096d68de11c3dc1c9bcddd5b68526d9584952ea09e3ff2766d3365
Pydio Cells versions 4.1.2 and below suffer from a privilege escalation vulnerability. It allows users, by default, to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
57d48188f889ecfd68177fabe259377f99ef7204208ed63108568aa4b966a11a
Papaya Medical Viewer version 1.0 suffers from a cross site scripting vulnerability.
8df38a330ac2343b3e782afbd1eada60580f208c1258a2a059d50abc00c3df54
PrinterLogic build version 1.0.757 suffers from authentication bypass, cross site request forgery, cross site scripting, session fixation, insufficient checks, impersonation, remote SQL injection, and various other vulnerabilities.
1631d9ea880d645fa96e60ab35dadd9fa31ea602fc8d3ea5528a7418cc9cfc0b
Argon Dashboard version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
32a956d572822e0a978da64f79d5f04eeca8f803b2527b3aff2a8965883281a1
Thai Auto Web version 1.2 appears to be missing authentication on the administrative interface.
65ba5e262444c0c8b2ecfeaea7f263429fb1f32b786d76c0e7dd8ff518ed66f3
Code-Bakers version 1.0 appears to be missing authentication on the administrative interface.
37decde4e6e8203ecc07eae2804c9e5a9355e2f8ad34bd2e1301db2e84180c92
New MVC Shop version 1.0 suffers from remote SQL injection and missing attribute vulnerabilities.
c1b40aec9eb372ff9cd5a4cff29271a8df8d3fedfc4274f9e046058eaa80e539
Simple Customer Relationship Management CRM 2023 version 1.0 suffers from a remote SQL injection vulnerability.
285e8f6ae7ee9b90299b635cefdb4e7b115a2a1bf605db59f2801bc204f4e67e
It appears that sites designed by e-Biz Technocrats Pvt.Ltd suffer from a remote SQL injection vulnerability. As they do not provide any sort of versioning with their offerings, the researcher was unable to provide affected versions. Versions as of May 11, 2023 were affected.
92cf79073e5009f343666e2a43e0a350c61dd730a3d354ea6bc3bd1d42f1ee8d
Jobs Portal version 3.6 appears to leave default credentials in place after installation.
f267635edf702421f090f420167604e54f42579ebdd5e8887bf5d9cdfbef0879
Camaleon CMS version 2.7.0 suffers from a server-side template injection vulnerability.
34f7d878b820c06a0c255c7ff0a016c2722c19698a3424d8da2d5754b3b6daa1
This Metasploit module exploits a broken access control vulnerability in the Seagate Central External NAS Storage device. The product suffers from several critical vulnerabilities, including broken access control. This makes it possible to change the device state and register a new admin user that is capable of SSH access.
0c0244a7cf8607e5471c8c892d6c5977f98fef410819f0a4cba83bca34b40d39
SCM Manager versions 1.2 through 1.60 suffer from a persistent cross site scripting vulnerability.
664f15522c011619b99049e2352046cb2fe96e9694bc4c9a177d85f03914e5b7