This archive contains all of the 185 exploits added to Packet Storm in November, 2020.
de4e7c40421479393eebf753cf9b9f89eClass LMS version 2.6 suffers from a remote shell upload vulnerability.
27ab302a8ee9d1973f951525ce39698fWordPress EventON Calendar plugin version 3.0.5 suffers from a cross site scripting vulnerability.
6d781ceb0ce4cc4d3067f1bd5476bef5SciKit-Learn version 0.23.2 suffers from a denial of service vulnerability.
6f9363e5e9c2515c85d4b94828be4c86TypeSetter version 5.1 suffers from a cross site request forgery vulnerability.
b67e8396e549f39a1f6d2f1fe8eb968aIntelbras Router RF 301K version 1.1.2 suffers from an authentication bypass vulnerability.
7f66e81bed10e301accbd0125edcf58aATX MiniCMTS200a Broadband Gateway version 2.0 suffers from a credential disclosure vulnerability.
8538f90b6cc32b5b3097e0b5ed8b0d23WordPress Heroic Knowledge Base plugin versions 3.0.1 and below appear to suffer from a remote SQL injection vulnerability.
5b0a17623f7d69e2d7c8dc842fc7d4e3Online Job Portal in PHP/PDO version 1.0 suffers from a remote SQL injection vulnerability.
cb398e4945a60c2e520ea688340416bbRejetto HttpFileServer version 2.3.x remote command execution exploit.
f0b7a7e54ec676fda373df29ba788f8dYATinyWinFTP denial of service proof of concept exploit.
b1aaf842deeaebd05c9022dcc446f4bcThis Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured (or credentials provided) and the ExecuteProcess processor must be available. An ExecuteProcessor processor is created then is configured with the payload and started. The processor is then stopped and deleted.
7f93306aa6b4030f2a6b69fe4206bed0Heroic Knowledge Base plugin versions 3.0.1 and below suffer from persistent cross site scripting vulnerabilities.
df94306cb7de8bea529118f895637cc8Ruckus IoT Controller (Ruckus vRIoT) versions 1.5.1.0.21 and below suffer from a remote code execution vulnerability.
a76ca35e7a3f8b47cc3cd57b5a659c7cBest Support System version 3.0.4 suffers from a persistent cross site scripting vulnerability.
f74037429da1057feb79401fb4469a96ZTE Blade Vantage Z839 Emode.APK android.uid.system local privilege escalation exploit.
2ad453e5e030521747ac204455b0066dWonderCMS version 3.1.3 suffers from a persistent cross site scripting vulnerability. Original finding for persistent cross site scripting in this version of WonderCMS is attributed to Hemant Patidar.
0a86a07638c2bc4b20e96c08d1fd7f89WordPress Accesspress Social Icons theme version 1.7.9 suffers from a remote SQL injection vulnerability.
d3cb5885976c55c92fedea658fd20a13WordPress Wibar theme version 1.1.8 suffers from a persistent cross site scripting vulnerability.
ea95dd17c0f2997fcd504f248aa1a6e2WordPress Age Gate plugin versions 2.13.4 and below suffer fro an open redirection vulnerability.
a3548fa0a198ffdbc0c3ef0a20ea963bLaravel Administrator version 4 suffers from an unrestricted file upload vulnerability.
b32ad26683689ce39aae3cd95365fc83Moodle version 3.8 suffers from an arbitrary file upload vulnerability.
4bf530ba008f828cff2639ab14956f02SAP Lumira version 1.31 suffers from a persistent cross site scripting vulnerability.
3b83ad62cec70a0ffa3475532ddc5943ElkarBackup version 1.3.3 suffers from persistent cross site scripting vulnerabilities. This notes a variant attack vector for the original vulnerability discovered in this version in August of 2020 by Enes Ozeser.
f37ab9e621badd927ec90136c1c6cc1aFujitsu Eternus Storage DX200 S4 fails to set cookies for authentication allowing for replay of URLs to achieve root level privileges.
5ae6b1f300710953b64144f45eb1ec87
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed