Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
0d0a1918990afa2cbe664861b2ed5a5dGantt-Chart for Jira versions 5.5.4 and below suffer from a cross site scripting vulnerability.
94808b4b06f1ab53f6751d0a04456ee8Gantt-Chart for Jira versions 5.5.3 and below misses a privilege check which allows an attacker to read and write the module configuration for other users.
52b4993502b0e711055c769961f5bb65Mocha Telnet Lite for iOS version 4.2 denial of service proof of concept exploit.
07006fb34c3849a7f8b2583b33f722deDaily Expenses Management System version 1.0 suffers from a remote SQL injection vulnerability.
9e6e99fea6a5022fef764d130ffc1573RTSP for iOS version 1.0 denial of service proof of concept exploit.
9deb3c878023b0b278fe006ec1c53422Pi-hole version 4.3.2 authenticated remote code execution exploit.
c974a233e43e84e556dfc6ea373f51a4Car Rental Management System version 1.0 unauthenticated remote code execution exploit.
fc76a860fbf88ef19ed2574d10b76719Car Rental Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
f9dd370debecdf2355b932bd9b6d7518October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.
a79e40ac7fff8141301027b2d8a73d91Microsoft Windows Win32k privilege escalation exploit. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
6b7e0e5d390dcae63cd77660c4d5df8bStock Management System version 1.0 suffers from a cross site request forgery vulnerability.
3c5b73ade86e8add863d011533c5b13bStock Management System version 1.0 cross site scripting credential harvesting exploit.
e446b8905eecb3fea89495e9af42d485Stock Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities in the Brand, Categories, and Product name fields.
91a40ee32f0efdfc4b24865fa37aaa45Stock Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
86a8471246e2649f885e68626bf61d29Umbraco CMS version 7.12.4 authenticated remote code execution exploit.
c6a4a934c6775c455e5e4f225dec66c0Mara CMS version 7.5 suffers from a cross site scripting vulnerability.
9fb48d350011f3aed4c31764dd7e0c36OpenEMR versions 5.0.1 and below authenticated remote code execution exploit written in ruby.
0c4b5a66f0b188dd68ac3a5de13961d4Atmail Email Server Appliance version 6.4 exploit toolchain that leverages cross site scripting and cross site request forgery to achieve code execution.
5e8eedf4d9e738503fa65cc3f2f4de89This archive contains all of the 140 exploits added to Packet Storm in July, 2020.
d14672a0e60b4cb70dc3e433ffd92028BacklinkSpeed version 2.4 SEH buffer overflow proof of concept exploit.
125549f2a909bc9933fb1effe1953aa3CloudMe version 1.11.2 SEH buffer overflow exploit.
f14aefabd6974df7ab1eb432b3acade5All-Dynamics Software enlogic:show Digital Signage System version 2.0.2 suffers from a session fixation vulnerability.
b360840e29dc9c52e8c3e47dcec29e65All-Dynamics Software enlogic:show Digital Signage System version 2.0.2 suffers from a cross site request forgery vulnerability.
7e17b980450da6f3316e47dbaa25e3d6Online Bike Rental version 1.0 suffers from an authenticated remote shell upload vulnerability.
c24d92ba32b907f53df823c312feb8d2
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed