This archive contains all of the 144 exploits added to Packet Storm in April, 2016.
46809635d72c7b71ba1c6adeb489358856e971e4047c326fb8e8efa12d733e36
Observium version 0.16.7533 suffers from code execution and cross site request forgery vulnerabilities.
2359c07b1bd62ab882e442b19908fa49ee5d76e0f485673bc1f79ac54b6ccf30
Observium version 0.16.7533 suffers from a cross site request forgery vulnerability.
4198f71dabd0d94dfbaba0c5817ddef7ef67bdaea792ebd8df049f7971bceca1
This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed via the method: prefix when Dynamic Method Invocation is enabled.
39285e2ede3a389887f3e8ccc69a2f47104f97406d3bfc7a832a9a1fa422a408
GLPI version 0.90.2 suffers from a remote SQL injection vulnerability.
0a52a7fa8c4afcded04b0fa0b0ab812aee4b472f7d4fb50e3c3e6e43d1e28060
Mozilla continues to ship Firefox and Thunderbird for Windows with a vulnerable executable installer.
42d80c8c079b60b4bc65a4b8b6eb7f5a8513451ea130ab38f10dc017a6e5a274
WordPress Truemag theme from 2016 Q2 suffers from a cross site scripting vulnerability.
535e6b5cc0dcbbce54a286927067ea524876c67bce5639075551768ebdf0a155
An integer wrap may occur in PHP 7.x before version 7.0.6 when reading zip files with the getFromIndex() and getFromName() methods of ZipArchive, resulting in a heap overflow. Full exploit included.
e8c95e113360c07e5f57ee1a402ad502f85525d7f354dd5b76ad74e45439655d
A Microsoft Windows kernel crash exists in the win32k.sys driver while processing a corrupted TTF font file.
20e2a865b13b1b14dde608971f4405d9d26b6e13cce289f692f5aa53d27dd8b7
If an application sends a one-way binder transaction, the service tries to send a reply, which fails. This causes the service manager to exit its binder loop and the process dies, causing the system to reboot. Tested on Android version 6.0.1 with the February patches.
24774ca1e49bd4db1b9ed63ebb744a6f55a49da06db379a0c1076409bd39b4c2
This is a SUID, SIP, and binary entitlements universal OS X local privilege escalation exploit.
49924fa08f8b101fdbdbfba6d5e985f619bd430e2fafdbe9548a078782bb9339
EMC ViPR SRM versions prior to 3.7 suffer from a cross site request forgery vulnerability.
937f63577c3fcb4a53eaee2b489e94d280b7edee85b27ac120b653f7667e8d0f
AWS appears to suffer from a CAPTCHA bypass vulnerability.
2955e115e77880713afefd1475e050fa22bdfa2f21da64a85676517555945dc6
Voo branded Netgear CG3700b custom firmware version 2.02.03 suffers from cross site request forgery and insufficient authentication vulnerabilities.
f2bfc41c1d1c5ce03e952d1ce938bc3be05839005ba5499d8e7a71df4a8182a6
The CSRSS BaseSrv RPC call BaseSrvCheckVDM allows you to create a new process with the anonymous token, which results in a new process in session 0 that can be abused to elevate privileges.
f24c7d593d547e23379c3440dbf5f7f452e40b8133e8dd3211fa702220bba978
RomPager versions 4.34 and below router authentication remover exploit.
38645aa2c86dfa0cb64d4619e5778ca2411cb0f863d9768a0f6f53af705c2c8e
Sophos XG Firewall (SF01V) suffers from a cross site scripting vulnerability.
d40c538cdcd71b7e182b19515a9c3cc792fcb182d52b84a21cdcea81b967c2ba
Trend Micro's website suffered from an email spoofing vulnerability.
e036a8a755636cc38be306245627af052b92cd4305af973b466af3b9e30bb747
Oracle Discoverer Viewer BI suffered from an open redirection vulnerability.
e23c0a5e2dc5af6727a12408ff49391c3f3651447979dec521f61fe2e285dff3
VoipNow version 4.0.1 suffers from script insertion vulnerabilities.
03f60bcbb2e812664fd02e7f5aad5865f9811f053e4ea7cae9e0ac16d08eb954
A vulnerability exists for Gemtek CPE7000 model ID WLTCS-106 exposing the Iperf tool to unauthenticated users. By injecting a command in the perf_measure_server_ip parameter, an attacker can execute arbitrary commands. Since the service runs as root, the remote command execution has the same administrative privileges. The remote shell is obtained by uploading the payload and executing it. A reverse shell is preferred rather than a bind one, since the firewall won't allow (by default) incoming connections. Tested on Hardware version V02A and Firmware version 01.01.02.082.
46cb65000b542aa82162870f00d5dc85d65f04b83be0846b89ed193e6c3a6c0b
A vulnerability exists for Gemtek CPE7000 model ID WLTCS-106 which allows unauthenticated remote attackers to retrieve a valid Administrative SID.
b4280a001436ff85b0ae7737bade7383e9b0bd2426d3bfe6ca6176ba8464b94f
Yasr console screen reader version 0.6.9-5 proof of concept buffer overflow exploit.
b13efe4490faed9031907233af99ea83b8ee18e36470b5ebdb9b4e3e3de1c43e
NationBuilder suffers from multiple persistent cross site scripting vulnerabilities.
605c2c3c1032d340f16cd0038f39dd85e6364f17892b876b71724d47ac764bf9
IrIran Shopping Script version 4.1 suffers from a cross site scripting vulnerability.
828edab3e7924d0f81c1fce38155f8638c3e73f0a9314ba81f3edfc6c8485c69