Microsoft Windows version 10.0.17763.5458 kernel IOCTL privilege escalation exploit.
8707efbb61bde9a6bad7e9f41e2e2aa406ec325770b5e4cf2822308facf677cbElementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability.
13eccba4a879951b450e58d70bb5dec815e2134f0c7159328e6dd22fc57f3881This archive contains all of the 137 exploits added to Packet Storm in March, 2024.
e7a370f1c0f29e8e8ae9cca342ae253f8f3991c7912112bd243ee527dbcf759fARIS: Business Process Management version 10.0.21.0 suffers from a persistent cross site scripting vulnerability.
f556b08c262d4eefeffbc7480af913d8678c83024c7fa85a7107803af466a801A use-after-free vulnerability exists in the Linux kernel netfilter: nf_tables component. This is a universal local privilege escalation proof of concept exploit working on Linux kernels between 5.14 and 6.6, including Debian, Ubuntu, and KernelCTF.
e98b20acc52d06c63e173b3fafc4a334699f028d1db4b0de3512cf556c197cd9BioTime versions 8.5.5 and 9.0.1 suffer from directory traversal and file write vulnerabilities. This exploit also achieves remote code execution on version 8.5.5.
559624309c6e53a8b2b0a2a02ff69a214f19c0f9c1031ae40784ea114742841eGibbon version 26.0.00 suffers from a server-side template injection vulnerability that allows for remote code execution.
1b3c7352aa031d230c3c80c612cd9d93b73f2fc15a2b82894af48bf0b12e4b63This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91Soholaunch version 4.9.4 r44 suffers from a remote shell upload vulnerability.
38cf97e11373ce1137705690e0184e70046c7384264c09e97f32c832e3026b02The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a local file inclusion vulnerability.
1dbbfbdf1a7bf4060fdff75fb8aff1ab0bc5375217ca00dc2d7c0cf611ab7316The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a server-side template injection vulnerability.
256571d01cca1bc252f84933681faf1ff9f922f6835db1ae3b7bc099a7571ea6The FoF Pretty Mail extension version 1.1.2 for Flarum suffers from a command injection vulnerability.
7685501581e9f699e06c56b0eddcfccbd5e014e303d78ffd724d6a188077faa5Event Management version 1.0 suffers from a remote SQL injection vulnerability.
5135d01cd318616d2a8b1711363d2378d7b2686ffcd1083f2936d0248e4164fdThe util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.
c3644f61b4f68f9fafd4782ffb69bd4b73d2b6ff8ac981711c3329c0a8408077The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection.
2a13323836730c890a63f333a24fcfb62637513c16193386327b7be986133bb0FusionPBX suffers from a session fixation vulnerability.
80babf076c9e7398fb72180f2da01bce706e004dd86503ce23c6645034cb5d21Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability.
265530e02c210729e3640de0f5f23192ea5b21cae936f5ed87be61a93898f695Purei CMS version 1.0 suffers from a remote SQL injection vulnerability.
49145a8ded157d117fc08cb54211098512a41f3d792bba94457249d4e633af9cWorkout Journal App version 1.0 suffers from a persistent cross site scripting vulnerability.
4b4377b2f91858e8fe3f26542f71de50ed7f461bf1202b6e0d6ab51cb382144fLMS PHP version 1.0 suffers from a remote SQL injection vulnerability.
049c8de17cf497bf303930585481eadeb964f519906d25f2f09f96d1d4f41c47Asterisk AMI version 18.20.0 suffers from authenticated partial file content and path disclosure vulnerabilities.
616b45986a6e97b2ba327758ffa9a1c224a4e92e3b4968de364f6df455139bbcSiklu MultiHaul TG Series versions prior to 2.0.0 suffer from an unauthenticated credential disclosure vulnerability.
4bcbd835a57c3cca5d5e02db8c60bf815e9261ff51ef70b5f88a98847262fb47RouterOS versions 6.40.5 through 6.44 and 6.48.1 through 6.49.10 suffers from a denial of service vulnerability.
9b7bae3bbe0ac19177c74574f4b0842856727f5af1b375f506fcf40ac529539dNodeBB version 3.6.7 suffers from a broken access control that lets attackers via data only meant for an administrator.
041c25c9e6a6f39edbd0310972213b33068fbb7cec138cd4aa848275f0af4d90WinRAR version 6.22 suffers from a remote code execution vulnerability via a malicious zip archive.
c9b468baa4eac879ce098155bfc3889b87ef0d5373ba5a2b473d75bc3f0cb552
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed