This archive contains all of the 97 exploits added to Packet Storm in September, 2020.
4ff91bd662df0a99640af224386b9628158a60690cb36827812fbec042bea43a
The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.9.00086 is vulnerable to DLL hijacking and allows local attackers to execute code on the affected machine with system level privileges. Both attacks consist of sending a specially crafted IPC request to TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service.
74ae12d312c6c46fa9f122b2a106d803de515d0b707dfe34720c066dd56a2680
MailDepot version 2032 SP2 (2.2.1242) suffers from a session expiration design issue.
700f980163d0fca1ea48e794d6af4f154b44ba1253811ef8c5c1d57d881a5603
DOMOS versions 5.8 and below suffer from a command injection vulnerability.
f79d55cd2e399530aae5ed6c8d32963564e7a1e6dcd732e4f4fc6cb4d787808f
Qiata FTA versions 1.70.19 and below suffer from a cross site scripting vulnerability.
ffa825bb3a9b050965fbf372d65a3eb70ac962e897f3c02dab225c86de686b1c
WebsiteBaker version 2.12.2 suffers from a remote code execution vulnerability.
fa7e1552592e449fd97dc552bdebc64f0b917d21b1d2f57451d3ca16124dda74
BearShare Lite version 5.2.5 buffer overflow proof of concept exploit.
a52c5f351ec08e7c33c7ea5194951670316464845b63be28459a553f59dc8844
It appears that the coronavirus Exposure Notifications API for iOS and Android may have a data leakage issue.
8e18dbc56574e080e742895300d9e809339058ef58eb5d6a3369cb6d7a66780a
CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. Successful exploitation requires that the CloudMe.exe process be running as administrator.
fa72c3ffb403b1cf08f01966de80e025ee648636329bef78008faa0a5aee32e9
Mida eFramework version 2.8.9 suffers from a remote code execution vulnerability.
c8c3442a86453108afc78a8c318c4066965ecee2291d2821b49be30d0944428d
Joplin version 1.0.245 suffers from a cross site scripting vulnerability that can lead to remote code execution.
31ca9b8599ce9c83932797054a4edb9d935327170c17b0b17e8f585827a0591e
MSI Ambient Link Driver version 1.0.0.8 suffers from a local privilege escalation vulnerability.
d3812dcad998d0f840196864aac543b840cbaf34007890de731a2ca9e42a75b2
This Metasploit module uses access to the UniversalOrchestrator ScheduleWork API call, which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something at a given time, so the payload will execute as SYSTEM sometime in the next 24 hours.
3a60a69dcbeb7de997adcc7d739647b41b00df07ef99e3f346dd78c5b1f47616
This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server).
46bcd0fb88548beb443fdf27155d8d4343ca495c9eb2a3289d06a46da4ac2b7b
BigTree CMS version 4.4.10 suffers from a remote code execution vulnerability.
92f4a303fee246d434165dc019b78a49fcc67be677212629c4facc2f010f054c
Anchor CMS version 0.12.7 suffers from a persistent cross site scripting vulnerability.
2288d0c14aa10c3089a21d3372596ca0880f0ee28d0af1aa294dfcf4eef0c75d
Simple Online Food Ordering System version 1.0 suffers from a remote SQL injection vulnerability.
5be9ad3712f81aa3338ec6d04c94ef713c4e4f4a6227007e4eb1f455fa7c71f1
Online Food Ordering System version 1.0 suffers from a remote code execution vulnerability.
b00e3e55a7092bb1191e37b676c6ea8eb89f153da41044bc07a0adbccb450ff2
This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy. Combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and successful exploitation of this vulnerability yields remote code execution as root on the remote system.
078f133f8a5eb45e3921bb8de3c7d640fa15b03306907ebf439e915e4be64e2a
An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data. Because of this, a malicious serialized object contained within a serialized SignedObject can be sent to the Jenkins endpoint to achieve code execution on the target.
3729c358cb302e4f78e19a3ad5a83bfe54ed6e185ea35041abb6038c065373da
Visitor Management System in PHP version 1.0 suffers from an unauthenticated persistent cross site scripting vulnerability.
a2c9a67834ae7b5586ab0924c27409536188445292536240d0435a2a049b9826
Visitor Management System in PHP version 1.0 suffers from a remote SQL injection vulnerability.
ab71e9e2d73f91afd6433dee7ea244f66a2b959b00c6468e3921bccb4fff8517
Seat Reservation System version 1.0 suffers from an unauthenticated remote SQL injection vulnerability.
cb1c652d4ae15d8448990bede6751ce07de7adb24b5262b41a248c1d481c164f
Google's osconfig agent was vulnerable to local privilege escalation due to relying on a predictable path inside the /tmp directory. An unprivileged malicious process could abuse this flaw to win a race condition and take over the files managed by the highly privileged agent process and thus execute arbitrary commands as the root user (full capabilities). Exploitation was possible only while an osconfig recipe was being deployed.
1cc92e5ebabd438a79296409a717f268826979019ed2cd8fa31fe695998e710e
Flatpress Add Blog version 1.0.3 suffers from a persistent cross site scripting vulnerability.
b05ba3a8a8edfeb2bc69bce1cc9b801363648b1c925575a4dffaf8545342a5f4