This archive contains all of the 72 exploits added to Packet Storm in October, 2023.
c94c24e210c8cf52bb398c42125e0e0a718c03cceed1f709502c10a2b4e8f667Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles setting in the authorize.conf configuration file, which prevents this scenario from happening. This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app achieving remote code execution.
7181dfaec2f1f7eb973d6e9ba2bc3a477b83011115b041d9cb0b9ad5e441fc41phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
ee85170a47f6253886312ffd969da7bc6af218c972178b1c78103cec1ae79a03SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call.
f051a516487d8fd4a224aa9c883a0ab530f400da930805694f2f73cbeae5a487SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.
482a650864ca894b028d96d1341d94b0fd22a59191625c172302fe115ad4deb5XAMPP version 3.3.0 .ini unicode + SEH buffer overflow exploit.
1ca692b072e3e08fac192c7f2fc261d0ac4feb8be639620958ba27b295c9541fTEM Opera Plus FM Family Transmitter version 35.45 suffers from a cross site request forgery vulnerability.
a52528a06358c03567dd7250e46dc164be44ddfb510fb4bf6804baef2e55864dTEM Opera Plus FM Family Transmitter version 35.45 suffers from a remote code execution vulnerability.
7ade5447ba45d88833961d63cfdb8a3c4c9ce12a9bb50b6bc86aa17b24bdd65cWordPress AI ChatBot plugin versions 4.8.9 and below suffer from arbitrary file deletion, remote SQL injection, and directory traversal vulnerabilities.
3c8bd183a8149e978aa13cbebd94a03b1f13fab6fc7a36a3dae48595fdb56856Oracle database versions 19.3 through 19.20 and 21.3 through 21.11 have an issue where an account with create session and select any dictionary can view password hashes stored in a system table that is part of a sharding component setup.
d2f153475e1ccb9fba7a3c56502ebe8182c7fe13f5f32cca180c60ebe9c205c7Citrix NetScaler ADC and NetScaler Gateway proof of concept exploit for the session token leakage vulnerability as described in CVE-2023-4966.
89ec75b909eb1e5d40ef988dc08431b0375f4fa6890974bea609b7d956cd8ac4WordPress LiteSpeed Cache plugin versions 5.6 and below suffer from a persistent cross site scripting vulnerability.
930b5dea6544195034aa8f1e0157b1a5e03ff90d8a95610492e143d141d5a230VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.
64ffcacaea1bc62f727b2dd191fed3e691ed87d11e14a28285a0d1db38476562Moodle version 4.3 suffers from a cross site scripting vulnerability.
6b239daf093c1f26ad1d4831716d336997f542904bde8080364383e3c818009fPowerVR suffers from a multitude of memory management bugs including out-of-bounds access and information leakage.
c135dd9da4f49945f6ffab49beafba001bf366477d6ac30866c7fd5a8b312a8eVIMESA VHF/FM Transmitter Blue Plus version 9.7.1 suffers from a denial of service vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint doreboot and restart the transmitter operations.
410445f3600c298991dca858be19f7b5d39aabcc622dfaeb5831c84c9962918bThis Metasploit module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new administrator user and upload a malicious plugins to get arbitrary code execution. All versions of Confluence between 8.0.0 through to 8.3.2, 8.4.0 through to 8.4.2, and 8.5.0 through to 8.5.1 are affected.
9243b392a2b5f9216cee221b4b8b37b7405bfb9cc8e0a614f33b37071a199e81Two and a half years ago an independent audit was performed on the Squid Caching Proxy, which ultimately resulted in 55 vulnerabilities being discovered in the project's C++ source code. Although some of the issues have been fixed, the majority (35) remain valid. The majority have not been assigned CVEs, and no patches or workarounds are available. Some of the listed issues concern more than one bug, which is why 45 issues are listed, despite there being 55 vulnerabilities in total (10 extra of the result of similar, but different pathways to reproduce a vulnerability). After two and a half years of waiting, the researcher has decided to release the issues publicly. This archive contains all of the proof of concept code released by the researcher.
8a60c32d038280c1edeea0a6969797283bd744dd1d8876f4879ad103db17b469XNSoft Nconvert version 7.136 is vulnerable to buffer overflow and denial of service conditions. Proof of concepts included.
638390b25c13e2dfa7b3f373e58cc3d277307ff7a2ae09d48cf4a2266af3831aNLB mKlik Makedonija version 3.3.12 suffers from a remote SQL injection vulnerability.
bfbdc9d4bfa68c32be4a4cd662ca092809eac913783fb0b5a3f2c2c88d4d8312Linux suffers from a small remote binary information leak in DCCP.
8f509db352a5daf100520971c2666cea99bc2b733614a6fbd107c438f44733beThe Microsoft Windows Kernel suffers from out-of-bounds reads and paged pool memory disclosure in VrpUpdateKeyInformation.
c87a5d6aa220b6741ae4904759814e063965888e7a3ac2b1614f1cd3581ff6a2The Microsoft Windows Kernel suffers from a paged pool memory disclosure in VrpPostEnumerateKey.
349851510cbd7d10a7c2d7d53d9ff2f6105bc83bca4a0b424c2ec5e16ae09df1WordPress Royal Elementor plugin versions 1.3.78 and below suffer from a remote shell upload vulnerability.
75ad1e0b13ce523e2824530b0e478c185738d3854be5c82a387c52d974cbc3c4WordPress WP ERP plugin versions 1.12.2 and below suffer from a remote SQL injection vulnerability.
a38cdd6e736b65ba70f4c140a04a7141033a92afa8d3bd0aaf73181f9a4dcc06
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed