This archive contains all of the 127 exploits added to Packet Storm in June, 2020.
5d20c1de390186928844ed4f321a3f305314f0caf79300d0b4b9b8383e4c8360
openSIS versions 7.4 and below suffer from multiple remote SQL injection vulnerabilities.
400d9b74c5924b238ccb88c1968e13b4640183baf55f44521ab902c275f4c1d9
openSIS versions 7.4 and below suffer from a local file inclusion vulnerability.
e7161d7a2b2b5f3b74f9ce9373cde1c623bb264344142c67862680b20c2bfee5
openSIS versions 7.4 and below suffer from an access bypass vulnerability.
de18d17ff15947139e2907c1c51bf51af6d549555d04403c26002b9a0c85a3af
The Cellebrite UFED Physical device relies on key material hardcoded within both the executable code supporting the decryption process and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software and does not appear to be changed with each new build. It is possible to reconstruct the decryption process
8e1693c954c2b9222de10e46717620d6631dc916f4d2bd744336668d271dbc33
This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands.
344a78946baa67ebb531073dad88904763b7f86e0bf52c4f8197e8fc0c0f179d
Reside Property Management version 3.0 suffers from a remote SQL injection vulnerability.
9183471e0151039ba3174dafcc1f9f66cf8d3aaf7e9711e8a2864d85c83bfad6
Victor CMS version 1.0 suffers from a user_firstname persistent cross site scripting vulnerability.
fe4085a15f1f89fb9cf4a3bc61df5a3e0c9705d49ea0ae170ae336a03292b04f
This Metasploit module exploits multiple vulnerabilities in Bolt CMS versions 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7.
9f2d762b1d8e6bcbc5f7e02bde9b6d95028ec1015c112f2165e2847c2855320d
NetPCLinker version 1.0.0.0 SEH with egghunter shellcode buffer overflow exploit.
faf335f38b0cfa1532855053ad2d12d2861d1f997d3c34bf6c71855e835b30fe
Windscribe version 1.83 suffers from an unquoted service path vulnerability.
3a69097c69131501de9a2d82ddd6f5a72a10ad74914c97973bbec4417c602330
OpenEMR version 5.0.1 suffers from a remote code execution vulnerability.
30c2dce13c4d30c1351faa3934ffc815807ae3f57ed30e9c09176e6fe07bef30
KiteService version 1.2020.618.0 suffers from an unquoted service path vulnerability.
9f1969c9c40c04b042621ad8bb3cb88b82b11330fa83a1668a4726b74582010c
Fire Web Server Pre-Alpha version suffers from a denial of service vulnerability.
e57467b419ce3fa77ec60d1ede7a8ea90d39c83b42464e2cde3fa519c3fe4149
This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 to (and including) 8.0.7. This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an unauthenticated attacker, who can achieve remote code execution as SYSTEM on a Windows installation and root on Linux. The vulnerability was discovered and exploited at Pwn2Own Miami 2020 by the Flashback team (Pedro Ribeiro + Radek Domanski).
9d49478c9a416ef64a062b712cd22c68e5b37e2e0f0dbc80fc3655a1c2e3d686
iOS and macOS suffered from a Wi-Fi proximity kernel double-free vulnerability in AWDL BSS Steering.
185ed329e279974bff794995bb28d911a3d0487fe537cf5e9f91c71beea77fb6
This Metasploit module exploits a cross site request forgery vulnerability in Online Student Enrollment System version 1.0 to perform a shell upload.
b6366584b46649d37ada0b665f649825e40650ad568620f751b7363d7e66995e
FHEM version 6.0 suffers from a local file inclusion vulnerability.
5160e3d33cbb28402cdd7c05ddca7fa56063505199fb9e026f19326dc0072f10
This is a proof of concept exploit that takes advantage of a privilege escalation vulnerability in the Windows Print Spooler.
10cd5282101291a6752965e7e18cbc4e13658d0643547dbb3204e8fd764b8c3a
ASUS Aura Sync version 1.07.71 ene.sys privilege escalation kernel exploit.
e7ab712703b5aec8283763947cace886385e933263c2aec57c840e86c46387e6
The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists of sending a specially crafted IPC request to TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to, in order to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).
b6d44c2b494378ff342fef57be9d4be4564327103eadabb01ff166ae6dae9bff
This document describes a stack overflow vulnerability that was found in October, 2019 and presented in the Pwn2Own Mobile 2019 competition in November 2019. The vulnerability is present in the UPNP daemon (/usr/sbin/upnpd), running on NETGEAR R6700v3 router with firmware versions V1.0.4.82_10.0.57 and V1.0.4.84_10.0.58. It allows for an unauthenticated reset of the root password and then spawns a telnetd to remotely access the account.
3ccd57c2afc9c37bec7729262aa2b172845c46c639bdb363b6009f40ca166d05
BSA Radar version 1.6.7234.24750 suffers from a persistent cross site scripting vulnerability.
0a6d9ae3213d039a6276115d9acee975c7246ffd2f7f8ad53860f3603aea7410
Responsive Online Blog version 1.0 suffers from a remote SQL injection vulnerability.
1401161ce6b0a7ed5fc9ef91c952923a4dc82b83bf04cc7581ae973569e01601
Online Student Enrollment System version 1.0 suffers from a cross site request forgery vulnerability.
d93c93e52377bb4e710a9481fc7f622850eaf45ecf8e07c5dcfc655bf7d9016f