This archive contains all of the 235 exploits added to Packet Storm in August, 2016.
ba9e31c028a9e364fe945572b056d5579a9249e68585a3ab6639cb94f4fa9c87CryptWare CryptoPro Secure Disk for Bitlocker version 5.1.0.6474 suffers from flaws that allows a malicious party to attack the boot process and backdoor the system to steal login credentials, the private 802.1x certificate, and the associated password.
f6c2bdd62d1577463dc9c79bb653feed9235e44736641fa6d88a9f5d0e6c8af7ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a user enumeration weakness vulnerability.
06ad2c3b4c30611aed0e5c774dc61cb188d74abaf7f541e5e4b3139d56cfdeb9ZKTeco ZKAccess Security System version 5.3.1 suffers from a persistent cross site scripting vulnerability.
3bccc49a88d88e46601653c25d793d329adafc5bf1d19a399249c82bcf482577ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a local authorization bypass vulnerability in visLogin.jsp.
04dd784bf139529b5896a28748b85b2a46ce19108df60fb6df0bf077057f7fc8ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a file path manipulation vulnerability.
d07f6d14968a9a3f7d2d3f860e9fda889f7bc5cc53267e6d5800e4b5b82387d9ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a cross site request forgery vulnerability.
2ee4aee490a35905760510df79d8cffc41d9ed01d4dbb2fe00f6ccb3f4fa04f6ZKBioSecurity suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.0.1.0_R_230 is affected.
661201e7c27f788dde650a2d5226bddfa2456cc33d8e22a68d5114c6bd2a7de2The ZKBioSecurity solution suffers from a use of hard-coded credentials. The application comes bundled with a pre-configured apache tomcat server and an exposed 'manager' application that after authenticating with the credentials: username: zkteco, password: zkt123, located in tomcat-users.xml file, it allows malicious WAR archive containing a JSP application to be uploaded, thus giving the attacker the ability to execute arbitrary code with SYSTEM privileges. Version 3.0.1.0_R_230 is affected.
d831e50b0e0f8def133824f6a6ff536a534dd8c171ffe02320b7362c15ad83f5ZKAccess suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) for 'Authenticated Users' group. Version 3.5.3 is affected.
e51af303de037c193cb718e87876e32f06f7a64a66a90955afc034c4e3dcc236ZKTime.Net suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (Change) for 'Everyone' group, making the entire directory 'ZKTimeNet3.0' and its files and sub-dirs world-writable. Version 3.0.1.6 is affected.
9cb88adc874e989e21366fdcd577e8bd531dda6ee9584e15f2e77c43ddc2e0d1CactuShop version 7 suffers from a database disclosure vulnerability.
82f9d5f5cdea5c187d3baf2aa4449df23005f80f15ba137b46773888b99225ffJoomla JSJobs component version 1.0.7.5 suffers from a remote SQL injection vulnerability.
6baccd3bd0aaecb8b28f8c12bd5480dea2b363c00e69b0fe81fa9e9fda118901Avira's free antivirus package installers suffer from a dll hijacking vulnerability.
cd4e84ee068f9e9cfe8d95ea64f7b69bb88001d7158979971fe5682f3df4324dFreepbx version 13.0.35 suffers from a remote SQL injection vulnerability.
f71cd00e2fd0cddbaa2279de836b448a9e77c13832747b5c8571efd07ff97030HelpDeskz versions 1.0.2 and below suffer from a remote, unauthenticated shell upload vulnerability.
9816e22386ec0f9df3beb93d610e5baa0d34a4f759bdaa9adbe1525d615e3eaePLC Wireless Router GPN2.4P21-C-CN suffers from a file disclosure vulnerability.
336237f741b3ff70e9d07462ce23b28002d32e2db135cf5faa934722fa99eda7PHP version 5.0.0 suffers from a xmldocfile() denial of service vulnerability.
0bcc951809d8bbc757db05b3c9e9177ebc25335a43389a3460b6a44b33ff7d20Advanced File Manager version 3.0 suffers from backup disclosure and cross site scripting vulnerabilities.
793881f6a0535b252753d259c2b2584d1150cca79accb89d4b197e0ef44181acPHP version 7.0 suffers from an object cloning denial of service vulnerability.
99d5e9b3760594f8032d17ff774e17acee8cbab6077fc8d293c6f62d5d29a542Goron Web Server version 2.0 suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.
9d72c12a74b4b68a02f0385f032f5c6393f565e4439926d16005a836fbd3c94aPHP version 5.0.0 suffers from a simplexml_load_file() local denial of service vulnerability.
f7f56c7d578c979550e3037440da381a9ed6e1368c053130143eebab2f0c8dfaMEGAsync version 2.9.9 suffers from a dll hijacking vulnerability.
467b99e7de6c333211eb620208e20c59316c0ecf3e1759eeb9e0e0987e558cf1PHP version 5.0.0 suffers from a denial of service vulnerability in domxml_open_file().
1600c83298c5e9014bb21a20b3074ea6e67bb77c93ad413d58e7a39497143b1eKeeper suffers from an issue where a trusted UI is injected into an untrusted webpage.
bc5f2d8563853d8fb0eb9f4dfe423eef486e80138fb54b3a704e0a4fe79e486d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed