This archive contains all 154 exploits added to Packet Storm in October 2020.
b5cfc872c238a61ff5883d14c4a76378974806ddf56ff456ce4fb59e34b2c367
Cobian Backup Service versions prior to 11 suffer from an unquoted service path vulnerability.
23bef7053fc0f819508c7faa47673fb323bb8691cf6a73c449e709f1441ad8f1
Quick N Easy FTP Service version 3.2 suffers from an unquoted service path vulnerability.
c38bccb18e7838464f5a3cee09bb5a408db3c897f7df4e98ad770b10ffb706cc
HealthMonitor version 3.1 suffers from an unquoted service path vulnerability.
b830aa9cd8ffd86707694b33361fc6acbbab90058dff56d946d6eb98d9f71863
The Microsoft Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape).
dcd9bb74f157ccd45992a6aeffd77f590ad19684a1b4e9e165f72d39d919d700
Simple College Website version 1.0 suffers from code execution and remote SQL injection vulnerabilities.
e376096cc757722a9a9b5bcf16b207b9a9f8c5a06614c2fffac7d004d52259f8
Wondershare Dr.Fone version 3.0.0 suffers from an unquoted service path vulnerability.
26d7040b3fa2dbb8ced8f3b58bfb1ce674ab78449709550e871465d9e6e67d4f
Citadel WebCit versions prior to 926 suffer from a session hijacking vulnerability.
98e86cf86cfca145e13b74edda9a1fa5f16f57a911984a2cb0932be7f86782f8
Agent Tesla Botnet suffers from a cross site scripting vulnerability.
c170c4d163099300f40d75af8844855f539b42a13b5df9177ea5e5f8d09782f0
DedeCMS version 5.8 suffers from a cross site scripting vulnerability.
e9495aef3d8a7055dd27be701c095038e70287427e269abcd76a29e03771c740
CSE Bookstore version 1.0 suffers from a persistent cross site scripting vulnerability.
43b48eac38ffbd3edb385a455b2a2eb549a7ebfca5a7d897033f98bd7f828bf3
Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 remote code execution exploit.
269998241a3473e130c36a33e8a41a91634ae92b38578c7c0fcfcf81171abc62
Genexis Platinum-4410 version P4410-V2-1.28 suffers from a cross site request forgery vulnerability.
cd3794a1c45a5196d326376b26aa0d62abf73663d405a3b352ac105735b4a929
Lot Reservation Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
8fb8b5d6d2181fe1523827a17f4627a5c49aa055796b0e3e5ab5f3bc01aa3b1a
Lot Reservation Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
82d342e2bf7eda1f9e1546ed794e9b91d12e1025ccb9a63ba9876f781aa39c9e
Icewarp WebMail version 11.4.5.0 suffers from a cross site scripting vulnerability.
bd4b225bf09ba2d23836eae6d0eef301010ef1a0c956eef8b47d2a92c566bc58
Mailman versions 1.x up through 2.1.23 suffer from a cross site scripting vulnerability.
3acd354767ea65719c08384106b042f59668c91d3587059546459b8bc4c33aa3
Point of Sales version 1.0 suffers from a persistent cross site scripting vulnerability.
b1abcd5d7eb0894c7563e29ca9a278b410be32cd7afa181ae98954a8747fbcb7
Online Examination System version 1.0 suffers from a persistent cross site scripting vulnerability.
abf23d72c2354792e43130404aef9ac045c0c9a640bd817b3ac572f49386bb3c
FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png.
3e74cc76bab0b12102b081d5d5527d7a09ac96232ae08096c3cc4702512988b9
Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from local file inclusion and directory traversal vulnerabilities.
1ce61cfa5df4fb1911183bd9133f8dd66643cf0945794e668ec5c2a5cb8333b5
God Kings version 0.60.1 suffers from an improper authorization issue allowing for in-game notification spoofing.
0739b7472a6c8181be50dac6e880dba434850aeb93bca40ab3c19da4c9c1fd8c
CSE Bookstore version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
22ade0807de506d719e10260a6706f161c23e19eabb44126ae5efb25be5761a3
Nagios XI version 5.7.3 mibs.php remote command injection exploit.
6855f4caf30f9e7751d6594a73e43b55ca31b7b9ddebeacdfa7108721c29da09
Blueman versions prior to 2.1.4 suffer from a local privilege escalation vulnerability that achieves root.
ad12e1f52e4713a386324b965386aa1a9020999aa33360fe64eedb3b1faaaecf