This archive contains all of the 72 exploits added to Packet Storm in October, 2023.
c94c24e210c8cf52bb398c42125e0e0a718c03cceed1f709502c10a2b4e8f667
Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles setting in the authorize.conf configuration file, which prevents this scenario from happening. This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app achieving remote code execution.
7181dfaec2f1f7eb973d6e9ba2bc3a477b83011115b041d9cb0b9ad5e441fc41
phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
ee85170a47f6253886312ffd969da7bc6af218c972178b1c78103cec1ae79a03
SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call.
f051a516487d8fd4a224aa9c883a0ab530f400da930805694f2f73cbeae5a487
SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.
482a650864ca894b028d96d1341d94b0fd22a59191625c172302fe115ad4deb5
XAMPP version 3.3.0 .ini unicode + SEH buffer overflow exploit.
1ca692b072e3e08fac192c7f2fc261d0ac4feb8be639620958ba27b295c9541f
TEM Opera Plus FM Family Transmitter version 35.45 suffers from a cross site request forgery vulnerability.
a52528a06358c03567dd7250e46dc164be44ddfb510fb4bf6804baef2e55864d
TEM Opera Plus FM Family Transmitter version 35.45 suffers from a remote code execution vulnerability.
7ade5447ba45d88833961d63cfdb8a3c4c9ce12a9bb50b6bc86aa17b24bdd65c
WordPress AI ChatBot plugin versions 4.8.9 and below suffer from arbitrary file deletion, remote SQL injection, and directory traversal vulnerabilities.
3c8bd183a8149e978aa13cbebd94a03b1f13fab6fc7a36a3dae48595fdb56856
Oracle database versions 19.3 through 19.20 and 21.3 through 21.11 have an issue where an account with create session and select any dictionary can view password hashes stored in a system table that is part of a sharding component setup.
d2f153475e1ccb9fba7a3c56502ebe8182c7fe13f5f32cca180c60ebe9c205c7
Citrix NetScaler ADC and NetScaler Gateway proof of concept exploit for the session token leakage vulnerability as described in CVE-2023-4966.
89ec75b909eb1e5d40ef988dc08431b0375f4fa6890974bea609b7d956cd8ac4
WordPress LiteSpeed Cache plugin versions 5.6 and below suffer from a persistent cross site scripting vulnerability.
930b5dea6544195034aa8f1e0157b1a5e03ff90d8a95610492e143d141d5a230
VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.
64ffcacaea1bc62f727b2dd191fed3e691ed87d11e14a28285a0d1db38476562
Moodle version 4.3 suffers from a cross site scripting vulnerability.
6b239daf093c1f26ad1d4831716d336997f542904bde8080364383e3c818009f
PowerVR suffers from a multitude of memory management bugs including out-of-bounds access and information leakage.
c135dd9da4f49945f6ffab49beafba001bf366477d6ac30866c7fd5a8b312a8e
VIMESA VHF/FM Transmitter Blue Plus version 9.7.1 suffers from a denial of service vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint doreboot and restart the transmitter operations.
410445f3600c298991dca858be19f7b5d39aabcc622dfaeb5831c84c9962918b
This Metasploit module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new administrator user and upload a malicious plugins to get arbitrary code execution. All versions of Confluence between 8.0.0 through to 8.3.2, 8.4.0 through to 8.4.2, and 8.5.0 through to 8.5.1 are affected.
9243b392a2b5f9216cee221b4b8b37b7405bfb9cc8e0a614f33b37071a199e81
Two and a half years ago an independent audit was performed on the Squid Caching Proxy, which ultimately resulted in 55 vulnerabilities being discovered in the project's C++ source code. Although some of the issues have been fixed, the majority (35) remain valid. The majority have not been assigned CVEs, and no patches or workarounds are available. Some of the listed issues concern more than one bug, which is why 45 issues are listed, despite there being 55 vulnerabilities in total (10 extra of the result of similar, but different pathways to reproduce a vulnerability). After two and a half years of waiting, the researcher has decided to release the issues publicly. This archive contains all of the proof of concept code released by the researcher.
8a60c32d038280c1edeea0a6969797283bd744dd1d8876f4879ad103db17b469
XNSoft Nconvert version 7.136 is vulnerable to buffer overflow and denial of service conditions. Proof of concepts included.
638390b25c13e2dfa7b3f373e58cc3d277307ff7a2ae09d48cf4a2266af3831a
NLB mKlik Makedonija version 3.3.12 suffers from a remote SQL injection vulnerability.
bfbdc9d4bfa68c32be4a4cd662ca092809eac913783fb0b5a3f2c2c88d4d8312
Linux suffers from a small remote binary information leak in DCCP.
8f509db352a5daf100520971c2666cea99bc2b733614a6fbd107c438f44733be
The Microsoft Windows Kernel suffers from out-of-bounds reads and paged pool memory disclosure in VrpUpdateKeyInformation.
c87a5d6aa220b6741ae4904759814e063965888e7a3ac2b1614f1cd3581ff6a2
The Microsoft Windows Kernel suffers from a paged pool memory disclosure in VrpPostEnumerateKey.
349851510cbd7d10a7c2d7d53d9ff2f6105bc83bca4a0b424c2ec5e16ae09df1
WordPress Royal Elementor plugin versions 1.3.78 and below suffer from a remote shell upload vulnerability.
75ad1e0b13ce523e2824530b0e478c185738d3854be5c82a387c52d974cbc3c4
WordPress WP ERP plugin versions 1.12.2 and below suffer from a remote SQL injection vulnerability.
a38cdd6e736b65ba70f4c140a04a7141033a92afa8d3bd0aaf73181f9a4dcc06