This archive contains all of the 173 exploits added to Packet Storm in May, 2023.
3f39d22e54526c7d409e403a1a6382ca215777d5cae90bbe636eca920ce8f752On Qualcomm Adreno/KGSL builds where CONFIG_QCOM_KGSL_USE_SHMEM is not set (or on older KGSL versions without CONFIG_QCOM_KGSL_USE_SHMEM), KGSL allocates GPU-shared memory from its own page pool. Pages from this pool are inserted into VMAs that don't have any weird flags like VM_PFNMAP set, which means userspace can grab extra references to these pages through get_user_pages() (for example, using vmsplice()). But when GPU-shared memory is freed, KGSL puts the freed pages into its own page pool without checking the page refcount. This means that pages that are still accessible from userspace can be reallocated as GPU memory by another process.
912899972d766ddbe72f5a9e3255c982b1f4d47a09b7d4e6f29f8440583aa47cQualcomm Adreno/KGSL suffers from an unchecked cast of vma->vm_file->private_data in kgsl_setup_dmabuf_useraddr().
607fa965d699b8530e3007ef7ceaca726a5ef18f66dd831e4ec632ad32adcccdWordPress ReviewX plugin versions 1.6.13 and below suffer from a privilege escalation vulnerability.
1c2eca8ad1720a71bcac303fcf5dc619660f13c02ebb872e57cb73b4594ef46fLost and Found Information System version 1.0 allows a staff level user to adjust administrative controls.
7400ab6049de4dddfcdfd454ab83d447a594ba9c2bffab3956a8231dd11a7b29Microsoft GamingServicesNet version 12.77.3001.0 suffers from an unquoted service path vulnerability.
f646d15b94eb25a9e33e9b98a5da9499fcc1db0453cea3b315f41964952474a9Apple Zeed ALL YOUR STYLE CMS version 2.0 suffers from a remote SQL injection vulnerability.
b2b4efdf6407c97da1fd4879b1060ceb3e8610f81ecf9ca9405dfa82f22caab8Vaskar Courier version 3.2.0 appears to leave default credentials installed after installation.
05544a17c90ad511b085197b405bbd4110682256b8d689ce8540a01ad27dbc84Wekan versions 6.74 and below suffer from a persistent cross site scripting vulnerability.
5f6a618a585ca68e8d37984d4e6630f7467ca93dcc564f837032ebe7f0466fa4Serenity and StartSharp Software versions prior to 6.7.1 suffer from file upload to cross site scripting, user enumeration, and reusable password reset token vulnerabilities.
0c6c4576c7182cef60f1720011b706cffbe6a3ce7cde23ea97cdccf7a4dc0430Pydio Cells versions 4.1.2 and below suffer from a server-side request forgery vulnerability.
e80dc14f94f6e8fcaa9d6b4c38de47e89b02fbf48eec2911feee938e8da47d63Pydio Cells versions 4.1.2 and below implement the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross site scripting vulnerability.
5572c0a56c096d68de11c3dc1c9bcddd5b68526d9584952ea09e3ff2766d3365Pydio Cells versions 4.1.2 and below suffer from a privilege escalation vulnerability. It allows users, by default, to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all cells and non-personal workspaces is granted.
57d48188f889ecfd68177fabe259377f99ef7204208ed63108568aa4b966a11aPapaya Medical Viewer version 1.0 suffers from a cross site scripting vulnerability.
8df38a330ac2343b3e782afbd1eada60580f208c1258a2a059d50abc00c3df54PrinterLogic build version 1.0.757 suffers from authentication bypass, cross site request forgery, cross site scripting, session fixation, insufficient checks, impersonation, remote SQL injection, and various other vulnerabilities.
1631d9ea880d645fa96e60ab35dadd9fa31ea602fc8d3ea5528a7418cc9cfc0bArgon Dashboard version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
32a956d572822e0a978da64f79d5f04eeca8f803b2527b3aff2a8965883281a1Thai Auto Web version 1.2 appears to be missing authentication on the administrative interface.
65ba5e262444c0c8b2ecfeaea7f263429fb1f32b786d76c0e7dd8ff518ed66f3Code-Bakers version 1.0 appears to be missing authentication on the administrative interface.
37decde4e6e8203ecc07eae2804c9e5a9355e2f8ad34bd2e1301db2e84180c92New MVC Shop version 1.0 suffers from remote SQL injection and missing attribute vulnerabilities.
c1b40aec9eb372ff9cd5a4cff29271a8df8d3fedfc4274f9e046058eaa80e539Simple Customer Relationship Management CRM 2023 version 1.0 suffers from a remote SQL injection vulnerability.
285e8f6ae7ee9b90299b635cefdb4e7b115a2a1bf605db59f2801bc204f4e67eIt appears that sites designed by e-Biz Technocrats Pvt.Ltd suffer from a remote SQL injection vulnerability. As they do not provide any sort of versioning with their offerings, the researcher was unable to provide affected versions. Versions as of May 11, 2023 were affected.
92cf79073e5009f343666e2a43e0a350c61dd730a3d354ea6bc3bd1d42f1ee8dJobs Portal version 3.6 appears to leave default credentials installed after installation.
f267635edf702421f090f420167604e54f42579ebdd5e8887bf5d9cdfbef0879Camaleon CMS version 2.7.0 suffers from a server-side template injection vulnerability.
34f7d878b820c06a0c255c7ff0a016c2722c19698a3424d8da2d5754b3b6daa1This Metasploit module exploits the broken access control vulnerability in Seagate Central External NAS Storage device. Subject product suffers several critical vulnerabilities such as broken access control. It makes it possible to change the device state and register a new admin user which is capable of SSH access.
0c0244a7cf8607e5471c8c892d6c5977f98fef410819f0a4cba83bca34b40d39SCM Manager versions 1.2 through 1.60 suffer from a persistent cross site scripting vulnerability.
664f15522c011619b99049e2352046cb2fe96e9694bc4c9a177d85f03914e5b7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed