This archive contains all of the 235 exploits added to Packet Storm in August, 2016.
ba9e31c028a9e364fe945572b056d5579a9249e68585a3ab6639cb94f4fa9c87
CryptWare CryptoPro Secure Disk for Bitlocker version 5.1.0.6474 suffers from flaws that allow a malicious party to attack the boot process and backdoor the system to steal login credentials, the private 802.1x certificate, and the associated password.
f6c2bdd62d1577463dc9c79bb653feed9235e44736641fa6d88a9f5d0e6c8af7
ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a user enumeration weakness.
06ad2c3b4c30611aed0e5c774dc61cb188d74abaf7f541e5e4b3139d56cfdeb9
ZKTeco ZKAccess Security System version 5.3.1 suffers from a persistent cross site scripting vulnerability.
3bccc49a88d88e46601653c25d793d329adafc5bf1d19a399249c82bcf482577
ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a local authorization bypass vulnerability in visLogin.jsp.
04dd784bf139529b5896a28748b85b2a46ce19108df60fb6df0bf077057f7fc8
ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a file path manipulation vulnerability.
d07f6d14968a9a3f7d2d3f860e9fda889f7bc5cc53267e6d5800e4b5b82387d9
ZKTeco ZKBioSecurity version 3.0.1.0_R_230 suffers from a cross site request forgery vulnerability.
2ee4aee490a35905760510df79d8cffc41d9ed01d4dbb2fe00f6ccb3f4fa04f6
ZKBioSecurity suffers from multiple reflected cross site scripting vulnerabilities because input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 3.0.1.0_R_230 is affected.
661201e7c27f788dde650a2d5226bddfa2456cc33d8e22a68d5114c6bd2a7de2
The ZKBioSecurity solution suffers from the use of hard-coded credentials. The application comes bundled with a pre-configured Apache Tomcat server and an exposed 'manager' application. After authenticating with the credentials stored in the tomcat-users.xml file (username: zkteco, password: zkt123), a malicious WAR archive containing a JSP application can be uploaded, giving the attacker the ability to execute arbitrary code with SYSTEM privileges. Version 3.0.1.0_R_230 is affected.
d831e50b0e0f8def133824f6a6ff536a534dd8c171ffe02320b7362c15ad83f5
ZKAccess suffers from an elevation of privileges vulnerability that can be used by any authenticated user, who can replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions: the 'M' (Modify) flag is granted to the 'Authenticated Users' group. Version 3.5.3 is affected.
e51af303de037c193cb718e87876e32f06f7a64a66a90955afc034c4e3dcc236
ZKTime.Net suffers from an elevation of privileges vulnerability that can be used by any user, who can replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions: the 'C' (Change) flag is granted to the 'Everyone' group, making the entire 'ZKTimeNet3.0' directory, its files, and its sub-directories world-writable. Version 3.0.1.6 is affected.
9cb88adc874e989e21366fdcd577e8bd531dda6ee9584e15f2e77c43ddc2e0d1
CactuShop version 7 suffers from a database disclosure vulnerability.
82f9d5f5cdea5c187d3baf2aa4449df23005f80f15ba137b46773888b99225ff
Joomla JSJobs component version 1.0.7.5 suffers from a remote SQL injection vulnerability.
6baccd3bd0aaecb8b28f8c12bd5480dea2b363c00e69b0fe81fa9e9fda118901
Avira's free antivirus package installers suffer from a DLL hijacking vulnerability.
cd4e84ee068f9e9cfe8d95ea64f7b69bb88001d7158979971fe5682f3df4324d
FreePBX version 13.0.35 suffers from a remote SQL injection vulnerability.
f71cd00e2fd0cddbaa2279de836b448a9e77c13832747b5c8571efd07ff97030
HelpDeskz versions 1.0.2 and below suffer from a remote, unauthenticated shell upload vulnerability.
9816e22386ec0f9df3beb93d610e5baa0d34a4f759bdaa9adbe1525d615e3eae
PLC Wireless Router GPN2.4P21-C-CN suffers from a file disclosure vulnerability.
336237f741b3ff70e9d07462ce23b28002d32e2db135cf5faa934722fa99eda7
PHP version 5.0.0 suffers from an xmldocfile() denial of service vulnerability.
0bcc951809d8bbc757db05b3c9e9177ebc25335a43389a3460b6a44b33ff7d20
Advanced File Manager version 3.0 suffers from backup disclosure and cross site scripting vulnerabilities.
793881f6a0535b252753d259c2b2584d1150cca79accb89d4b197e0ef44181ac
PHP version 7.0 suffers from an object cloning denial of service vulnerability.
99d5e9b3760594f8032d17ff774e17acee8cbab6077fc8d293c6f62d5d29a542
Goron Web Server version 2.0 suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.
9d72c12a74b4b68a02f0385f032f5c6393f565e4439926d16005a836fbd3c94a
PHP version 5.0.0 suffers from a simplexml_load_file() local denial of service vulnerability.
f7f56c7d578c979550e3037440da381a9ed6e1368c053130143eebab2f0c8dfa
MEGAsync version 2.9.9 suffers from a DLL hijacking vulnerability.
467b99e7de6c333211eb620208e20c59316c0ecf3e1759eeb9e0e0987e558cf1
PHP version 5.0.0 suffers from a denial of service vulnerability in domxml_open_file().
1600c83298c5e9014bb21a20b3074ea6e67bb77c93ad413d58e7a39497143b1e
Keeper suffers from an issue where a trusted UI is injected into an untrusted webpage.
bc5f2d8563853d8fb0eb9f4dfe423eef486e80138fb54b3a704e0a4fe79e486d