This archive contains all of the 170 exploits added to Packet Storm in March, 2022.
6bfa5ea340ba93d1eab5494d494509bb601607d56b218558b80524425948251eSpring Cloud Function versions prior to 3.1.7 and 3.2.3 are vulnerable to remote code execution due to using an unsafe evaluation context with user-provided queries. By crafting a request to the application and setting the spring.cloud.function.routing-expression header, an unauthenticated attacker can gain remote code execution. Both patched and unpatched servers will respond with a 500 server error and a JSON encoded message.
191fd2ef6dcf8a98bc701657de72fbfe2250e9ec9091b7372a38ea1abcff6241IdeaRE RefTree versions prior to 2021.09.17 suffer from a path traversal vulnerability.
6c01288d24fb06203fba1bbb4a1569c7c1519c40ba0e613d0c951377f72407e7IdeaRE RefTree versions prior to 2021.09.17 suffer from a remote shell upload vulnerability.
7a1f36a186daaabfb1cb5a35f53c2411f1ac4fc02655a8038cdac234c32dd9fdChrome has an issue where a malformed message sent to DeserializeFromMessage may trigger deserialization of out-of-bounds data.
f016c2cc33607e475f4fb0feaf3b97c31f557eea1cb21d5c1b76fc4fa4ad9003EG Free AntiVirus version 2020 suffers from an unquoted service path vulnerability that can lead to privilege escalation.
f5afeadbe9a6dd42729251f44605027c495f8ca53f5077f1ef0566b30d207ffdSpoofer version 1.4.6 suffers from an unquoted service path vulnerability that can lead to privilege escalation.
6e36f8ead3bb9754bebd29f1138b16de9f85c211a2321e246d8956e9be5fe982Medical Hub Directory Site version 1.0 suffers from a remote blind SQL injection vulnerability. This research was submitted on the same day Packet Storm received similar findings from Saud Alenazi.
485f05f134b2d3819d19208535bf09e2d66a1a262580141bc9a9964b00e68204Message System version 1.0 suffers from a remote SQL injection vulnerability that can lead to remote code execution.
f726216137cb25cc61ebd0212e3d991811ebe3e9be1b4d7c85db6f64b5cdf1beMessage System version 1.0 suffers from a persistent cross site scripting vulnerability.
4f43e6605407609b1bcdd1c5a3be22479cef1d68b174b04b20a647976713db71Chrome suffers from a heap use-after-free vulnerability in safe_browsing::ThreatDetails::OnReceivedThreatDOMDetails. Versions affected include Google Chrome 96.0.4664.110 (Official Build) (64-bit) and Chromium 99.0.4807.0 (Developer Build) (64-bit).
abc96b3ccb6e22768b4210d82c4a8f2e4acb93ed93b406ea11be905b7b11fd03Joomla! versions 4.1.0 and below suffer from path traversal and file overwrite vulnerabilities due to misplaced trust in the handling of compressed archives.
3659bb2a193b54ec58750cfb109d9f00cfd739f7828d6a6d4fdff0e0ff2be911WordPress Easy Cookie Policy plugin version 1.6.2 suffers from persistent cross site scripting vulnerability due to a broken access control.
0f40c07bb7f4bcf7b5bf25dff22799cb9ddc37674fc191e7558caaaf8e60a2dfWordPress CleanTalk plugin versions 5.173 and below suffer from multiple cross site scripting vulnerabilities.
4136278cd0e53a4bc876e08a79e68f309bd0ea7712eb64d14cfca18b9f7d6147Kramer VIAware version 2.5.0719.1034 suffers from a remote code execution vulnerability.
71fd9ed67f1c3636b46e0f35d6d135b218a93103bbc2f9e74dd9d79b2c4d145cPostgreSQL versions 9.3 through 11.7 remote code execution exploit.
e597a53141013a6e5aaeefcbb4e28ade73077b7f1f7b8c7994ae9d9031e1d2ffMedical Hub Directory Site version 1.0 suffers from a remote SQL injection vulnerability.
ee8c310121323386739682f3a0a47f7c5876d9f946a2888843f501157e2fb296Medical Hub Directory Site version 1.0 suffers from a remote shell upload vulnerability.
200e45a8e60bd48fae8a91e1a1286756e616a4d42f06d24c5eb5531ecfa01d70Medical Hub Directory Site version 1.0 suffers from a persistent cross site scripting vulnerability.
6dbf01850ff08bd1a2757bdd19e72d23b225be15ae7664524a980f5ce48138e4Medical Hub Directory Site version 1.0 suffers from a local file inclusion vulnerability.
cd4822cdfbe0799d9da4d14ad9b06e2c18c4f3f1ea3b9ffdc72ec61ba4ca5ad0CSZ CMS version 1.2.9 suffers from multiple remote blind SQL injection vulnerabilities.
7431b5b000bf66ac213ad90301229b8ea2b82227a6d242c3733700f2c7f0470dWordPress Video-Synchro-PDF plugin version 1.7.4 suffers from a local file inclusion vulnerability.
f94520cb3421369e072051761bcdb9d992081457e9af1fbf068b1e7431481880WordPress Cab-Fare-Calculator plugin version 1.0.3 suffers from a local file inclusion vulnerability.
86ee0c35b5409a672125451f0cd0f8722c0e3f49332d9a986e3674880b8c4093Atom CMS version 1.0 suffers from a remote shell upload vulnerability.
a1ff9987b6bdc85d32bdf744311ddc50def1d3ba515fb3bb6f39d1a90ab9b9ffWordPress Donorbox-Donation-Form plugin version 7.1.6 suffers from a persistent cross site scripting vulnerability.
2fc87137716fc7ebe54874b9d582f16eba4586f4c195a3b359f3691bcccefa04
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed