This archive contains all of the 319 exploits added to Packet Storm in February, 2019.
1bcaf072acbe7fc8862dec9857fb641a8d7c2eaf91d8ebb36d996758af7943b5Joomla J2Store versions prior to 3.3.7 suffer from a remote SQL injection vulnerability.
1e97794d4336f176dd444cd3487fac8800756e95c4fa44ecb5dbc4a997e2daa4A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2, 33.7.0.694, 33.7.1.15, 33.7.2.24, 33.7.3.7, 33.8.0.779, 33.8.1.13, and 33.8.2.7 are affected.
9d1274a1cd79b05c5388dac3dae49ae0bd47e790ca5b08b896914d7cc2998ca8Joomla Content component version 3.x suffers from a remote SQL injection vulnerability.
9ba6843822eb295a8cb3e2cf6821ce870f61f2cee34eb1132a8cc436ea24c19fFTP Server version 1.32 suffers from a denial of service vulnerability.
300bae6c8767ddf928747116088b6a4834029d98aa60ccacc139e083987e83ceThis Metasploit module exploits an arbitrary file upload vulnerability in Feng Office version 3.7.0.5. The application allows unauthenticated users to upload arbitrary files. There is no control of any session. All files are sent under /tmp directory. The .htaccess file under the /tmp directory prevents files with the php, php2, and php3 extensions. This exploit creates the php payload and moves the payload to the main directory via shtml. After moving the php payload to the main directory, the exploit executes payload and receives a shell.
a940da2e6fa296310cce651b821c9fdf8c7a9ec1bb8147e392837045d45532aaWordPress Cerber Security, Antispam, and Malware Scan plugin version 8.0 suffers from multiple bypass vulnerabilities.
4a5265fe88f590f2244214ce3ceaa7a2cff1c4aa959fe7a44a983ec7873765dfvBulletin version 4.2.5 with vBSEO version 3.6.1 suffers from an open redirection vulnerability.
3e6072c777f9e6b1fa54d538e3787db1c5549291bfde83d4d7294b5f5158b225vBulletin version 4.x.x with DragonByte SEO version 2.0.31 suffers from an open redirection vulnerability.
c30a29020b2699d4b2fca2b1786f0511f9e9546a4d8d9a6313fa1002191ef024This Metasploit module exploits an arbitrary command execution vulnerability in Usermin 1.750 and lower versions. This vulnerability has the same characteristics as the Webmin 1.900 RCE.
505ea2f8624f6e3310d6adcbed739f255d5848596538d08bca4e2634ea2ba8d5TransMac version 12.3 suffers from a denial of service vulnerability.
412064fa5edcf00ced6b78b017347a3b832744568aeba5f1c58e79b27548ef80DUMPit is an exploit for the SHAREit mobile app abusing two recently discovered vulnerabilities affecting SHAREit Android application versions 4.0.38 and below. The first one allows an attacker to bypass SHAREit device authentication mechanism, and the other one enables the authenticated attacker to download arbitrary files from the user's device. Both vulnerabilities were reported to the vendor and patches have been released.
dca3c57e123cd7505a079d465df0e3ed6eb0383632d057de092d08aa581a3e30Chrome suffers from multiple use-after-free vulnerabilities in the PaymentRequest service.
fb9baf689c47875cf56ed6918386a270499142ea5e915be52d8936b09ba2adbbZentyal Server Development Edition version 6.0 suffers from a cross site scripting vulnerability.
1dd3682af8e86e66ede142a3e3ecd5ee4b86fe668c2a76bb2b415cc98deb0bf2Chrome suffers from a use-after-free vulnerability in FileWriterImpl.
2dd17dbd1895915d6546d52f25a07461fc335eb44dcded0bf7d33720916ebe5cChrome suffers from a use-after-free vulnerability in the RenderProcessHostImpl binding for P2PSocketDispatcherHost.
11fb3cadf252944e7b29e9069845929d7d4986f025488c7c0c80f5dc9b88bb27tcpdump was found to suffer from multiple out-of-bounds read vulnerabilities.
cea131972888984634d05f66fcb925a4eaa31822c00269467fbc5939cb230885Chrome suffers from a use-after-free vulnerability in RenderFrameHostImpl::CreateMediaStreamDispatcherHost.
fb031633c01be0530ba93f915787ad97df1516fb4d5cc8dcbb8d0b436e7ca99aSimple Online Hotel Reservation System suffers from multiple cross site request forgery vulnerabilities.
c37555b23a0682c85d048543ed9bbd91aee430dfb3252aaa2d192b608774e2d2Joomla Alberghi component version 2.1.3 suffers from arbitrary file upload and remote SQL injection vulnerabilities.
4108d89cd5aacaa5aba00bce1d89efdaca7515189ceb474f8a7a6e3a9ecd5ac2DomainMOD version 4.11.01 suffers from a cross site scripting vulnerability in the custom domains fields page.
b7f2bf6a2c81c5c51b98752fce5e1a6eef8695a29d0c56a434778c0e32ac0dd7vBulletin version 4.2.0 with ChangUonDyU Chatbox plugin version 3.6.0 suffers from cross site scripting vulnerabilities.
bb1231371b917c4f9e749a0a46ebf3e8059e33f4abd5c0f9cd3a8c41f8b16d9aSQLiteManager versions 1.2.0 and 1.2.4 suffer from a remote blind SQL injection vulnerability.
f05d89a50e34425c7eaf33707af3151232c78c66c9d035d35ba381c9d994a25eThe SVG nanosvg library suffers from a denial of service vulnerability due to a memory corruption bug.
7121b6e7ae15be24c467211cf5138837d1daec8f142753d900feb0b312c45854DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in registrar-account.php.
fb3c13ee5af93f58179b2e96839a21d0698d43b4060a3967b40103aa4ebee593
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed