Microsoft Windows version 10.0.17763.5458 kernel IOCTL privilege escalation exploit.
8707efbb61bde9a6bad7e9f41e2e2aa406ec325770b5e4cf2822308facf677cb
Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability.
13eccba4a879951b450e58d70bb5dec815e2134f0c7159328e6dd22fc57f3881
This archive contains all of the 137 exploits added to Packet Storm in March, 2024.
e7a370f1c0f29e8e8ae9cca342ae253f8f3991c7912112bd243ee527dbcf759f
ARIS: Business Process Management version 10.0.21.0 suffers from a persistent cross site scripting vulnerability.
f556b08c262d4eefeffbc7480af913d8678c83024c7fa85a7107803af466a801
A use-after-free vulnerability exists in the Linux kernel netfilter: nf_tables component. This is a universal local privilege escalation proof of concept exploit working on Linux kernels between 5.14 and 6.6, including Debian, Ubuntu, and KernelCTF.
e98b20acc52d06c63e173b3fafc4a334699f028d1db4b0de3512cf556c197cd9
BioTime versions 8.5.5 and 9.0.1 suffer from directory traversal and file write vulnerabilities. This exploit also achieves remote code execution on version 8.5.5.
559624309c6e53a8b2b0a2a02ff69a214f19c0f9c1031ae40784ea114742841e
Gibbon version 26.0.00 suffers from a server-side template injection vulnerability that allows for remote code execution.
1b3c7352aa031d230c3c80c612cd9d93b73f2fc15a2b82894af48bf0b12e4b63
This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91
Soholaunch version 4.9.4 r44 suffers from a remote shell upload vulnerability.
38cf97e11373ce1137705690e0184e70046c7384264c09e97f32c832e3026b02
The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a local file inclusion vulnerability.
1dbbfbdf1a7bf4060fdff75fb8aff1ab0bc5375217ca00dc2d7c0cf611ab7316
The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a server-side template injection vulnerability.
256571d01cca1bc252f84933681faf1ff9f922f6835db1ae3b7bc099a7571ea6
The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a command injection vulnerability.
7685501581e9f699e06c56b0eddcfccbd5e014e303d78ffd724d6a188077faa5
Event Management version 1.0 suffers from a remote SQL injection vulnerability.
5135d01cd318616d2a8b1711363d2378d7b2686ffcd1083f2936d0248e4164fd
The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.
c3644f61b4f68f9fafd4782ffb69bd4b73d2b6ff8ac981711c3329c0a8408077
The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection.
2a13323836730c890a63f333a24fcfb62637513c16193386327b7be986133bb0
FusionPBX suffers from a session fixation vulnerability.
80babf076c9e7398fb72180f2da01bce706e004dd86503ce23c6645034cb5d21
Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability.
265530e02c210729e3640de0f5f23192ea5b21cae936f5ed87be61a93898f695
Purei CMS version 1.0 suffers from a remote SQL injection vulnerability.
49145a8ded157d117fc08cb54211098512a41f3d792bba94457249d4e633af9c
Workout Journal App version 1.0 suffers from a persistent cross site scripting vulnerability.
4b4377b2f91858e8fe3f26542f71de50ed7f461bf1202b6e0d6ab51cb382144f
LMS PHP version 1.0 suffers from a remote SQL injection vulnerability.
049c8de17cf497bf303930585481eadeb964f519906d25f2f09f96d1d4f41c47
Asterisk AMI version 18.20.0 suffers from authenticated partial file content and path disclosure vulnerabilities.
616b45986a6e97b2ba327758ffa9a1c224a4e92e3b4968de364f6df455139bbc
Siklu MultiHaul TG Series versions prior to 2.0.0 suffer from an unauthenticated credential disclosure vulnerability.
4bcbd835a57c3cca5d5e02db8c60bf815e9261ff51ef70b5f88a98847262fb47
RouterOS versions 6.40.5 through 6.44 and 6.48.1 through 6.49.10 suffers from a denial of service vulnerability.
9b7bae3bbe0ac19177c74574f4b0842856727f5af1b375f506fcf40ac529539d
NodeBB version 3.6.7 suffers from a broken access control that lets attackers via data only meant for an administrator.
041c25c9e6a6f39edbd0310972213b33068fbb7cec138cd4aa848275f0af4d90
WinRAR version 6.22 suffers from a remote code execution vulnerability via a malicious zip archive.
c9b468baa4eac879ce098155bfc3889b87ef0d5373ba5a2b473d75bc3f0cb552