This archive contains all of the 195 exploits added to Packet Storm in April, 2023.
405e6139b88516b8b8d310fa20e72af135bf83c73084dbec2de5761b29649a61This Metasploit module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution.
a97dc5c7910c67fbfa47a0a5ff5111b60ef4fc38c7f19bc191fb098243b227f6Debian Linux Security Advisory 5394-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
7c593ae98e568ffa42c0e654714ca6a0478520b206d50511ae16e3d37a3b2919Ubuntu Security Notice 6052-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed.
22556eb4fe1474689bc2a6c1eab4d4271beaa362c89a900b76a777c5f897b936Ubuntu Security Notice 6051-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
8f3d3ba695803e924025f809e81f937f6354a99d3974142526b46598df33475cCompanyMaps version 8.0 suffers from a persistent cross site scripting vulnerability.
aaac30b158267861d9289cde53dbc4edc83c2d121335a780eed8bf01a13b6facUbuntu Security Notice 6048-1 - It was discovered that ZenLib doesn't check the return value of a specific operation before using it. An attacker could use a specially crafted input to crash programs using the library.
e20bbb5af5fb0c406f73126eeb6cbcdcc74ec950c882da124143b56074856844Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to arbitrary configuration injection.
2fe94ad0f659c0d3f64d2d232c14f2698dfebe3cc57764cdf1c493b0eb6608b9Ubuntu Security Notice 6049-1 - It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. It was discovered that Netty created temporary files with excessive permissions. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM, and Ubuntu 20.04 ESM.
7e20c4b100a01d5436fdc3d622df85ec25fc16ce3f77384791bc1e053d16f411Mobile Mouse version 3.6.0.4 suffers from a remote code execution vulnerability. This exploit is a second version from the original author of the original exploit released in September of 2022.
e7a6810d6a70959199eb39d58ef19ffc0f717838c3bcbb82681904466d5ca0d6AC Repair and Services version 1.0 suffers from a remote SQL injection vulnerability.
61ca067f3204dd60a28c5875c4c022cd31be78dd0d902d8f14cace50a68cc7d0Ubuntu Security Notice 6037-1 - ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private network of the client.
01b105752cb4c4020af26703fc7f227551e768e10ef43699d4dd35b88c29075eOld Age Home Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6dbc0dac3bea894598dae10e5fce781c47ae87adbd89ddb496e7eb7cfc60c6a7Chitor CMS version 1.1.2 suffers from a remote SQL injection vulnerability. The rollno parameter is also susceptible to SQL injection. Original discovery of this finding is attributed to msd0pe in April of 2023.
78dad42d7298ef5d0716bb864dcc8bbd2338fcb72b229dd4f65720411723907fAigital Wireless-N Repeater version Mini_Router.0.131229 suffers from a login bypass vulnerability.
460a71c5b1093240b5647e62c7f3da9e30ae22afdaf2e182c00e58fd99a484cf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed