This archive contains 229 exploits that were added to Packet Storm in January, 2017.
feb93270aff92889e8286025e068085a872d67992cd7bb3dbb30d6fb7f732662
Viscosity for Windows version 1.6.7 suffers from a privilege escalation vulnerability. It is possible to execute openvpn with a custom dll as SYSTEM using ViscosityService because the path is not correctly validated.
1e165f6606a232bfd4cc34a34c68a7346cb59ed704cf1caf321ea02cee78ab3e
Multiple Netgear routers suffer from remote and local password disclosure vulnerabilities.
dbaeb4937d70280e3491b85b30c34a0d631fed2c6555336ee35deb7fefcc8dda
Itech Multi Vendor Script version 6.49 suffers from a remote SQL injection vulnerability.
3b956b159cd882b8b43f719ce66d2222edcf0227acab224b8cfbd1c3ded4ad83
Netman 204 suffers from backdoor accounts and a password reset vulnerability. The backdoor accounts were already discovered in September of 2016 by Saeed reza Zamania.
604c3bc5a72eb8e9929ea3e43976a09ff9667d1f8bff94b645c84be2b5255741
Itech News Portal Script version 6.28 suffers from a remote SQL injection vulnerability.
66666fa7d3b32270be5df5fb8f2232b2476f89ebef78c89e9ff8002d7094d1ce
PHP Product Designer Script suffers from a remote file upload vulnerability.
7d790c1ec21fded17dacbbc17620efc38ecb001d6fc9c52edfe9851c78357a60
This post is about accessing a printer's file system through ordinary PostScript or PJL based print jobs -- a documented feature of both languages for decades. The attack can be performed by anyone who can print, for example through USB or network. It can even be carried out by a malicious website, using advanced cross site printing techniques in combination with a novel technique we call CORS spoofing.
c418874775830be69d70d766dd0802c21da19fba2301929c1dd21e23ad79ce68
This post is about manipulating and obtaining documents printed by other users, which can be accomplished by infecting the printer with PostScript malware.
9abc3f6da5a87fc7c87c58ebcb60b7ead620ec10be3c424d01c2e0514ee518ae
PHP Logo Designer Script suffers from a remote file upload vulnerability.
316e2dade3a9f46160380b992df148227d68aff8a4b8be881d2dc40f153f042c
Video Sharing Script version 4.94 suffers from a remote SQL injection vulnerability.
51cd7012cafd95506f8a099c63f43f991578eced342ebff4712c2963b201cc08
A remote attacker with knowledge of a single machine name and the corresponding OPSI machine key is able to execute arbitrary commands on any OPSI Managed client in the same managed environment by using the Remote Procedure Call (RPC) Interface of the OPSI-Server. The attacker is able to use the SYSTEM privileges of the OPSI Agent on any managed client computer and execute arbitrary commands leading to an elevation of privileges. Affected versions include OPSI Server version 4.0.7.26 and OPSI ClientAgent version 4.0.7.10-1.
444597f83e9e0ad48a430a35373f0bc6a018226b622b3ff1e949820391597d37
TrueConf Server versions 4.3.7.12255 and 4.3.7.12219 suffer from cross site request forgery, cross site scripting, and open redirection vulnerabilities.
c268634b4be86fbe36157ba4f3fc083eb4e8698c949b0d758b92a379295d70c7
Sophos Web Appliance version 4.2.1.3 is vulnerable to two remote command injection vulnerabilities.
545641ea8be8bc213ed17b9bb9c8d8511001c33b8803e8aeeba5626c4a9d867c
WordPress User Access Manager plugin version 1.2.6.7 suffers from a cross site scripting vulnerability.
6922073e4128970a34c759af113c580b26f672963ff2a12e052ca6848ce12293
OpenSSL version 1.1.0 remote client denial of service proof of concept exploit.
964cd481b9abdff9f9960aba02aa087e5cdcad73beec5a68da63a8dd496bc4a2
Palo Alto Networks Terminal Services Agent version 7.0.3-13 suffers from an integer overflow vulnerability.
e45c3f4e0cdee5a0f78e1af2cc44ac9e669a192a272936672aad7c5fe6575cb3
Caregiver Script version 2.57 suffers from a remote SQL injection vulnerability.
b811376cf386bab477105d2de7190d74856f594b7e09355d3c7b2a1d14b432b2
Auction Script version 6.49 suffers from a remote SQL injection vulnerability.
8ff67b2cddd4edf6bb2086deea3a991c269d85226ab98c3ae807c2b16fad60a2
Itech B2B Script version 4.28 suffers from a remote SQL injection vulnerability.
cab1a6e82ebadac4f663a5eb52658829f99490245bc9306165c8ef97004eb4e6
Itech Classifieds Script version 7.27 suffers from a remote SQL injection vulnerability.
d43640ea3ad566302f6c169afc93c9190c6a4d160b922193baf9ccd8c3b0bf9e
Itech Real Estate Script version 3.12 suffers from a remote SQL injection vulnerability.
29da956361649d87ee72abce562c3a2044217b2376f27b9db48fa2ff4eff17de
HelpDeskZ versions prior to 1.0.2 suffer from SQL injection and file download vulnerabilities.
8c185bb7326388d66e9e49c601f3938311a6f93e9120ee806a176eebe4fcbeaa
Video Sharing Script version 4.94 suffers from a remote SQL injection vulnerability.
33dd4a27ccacdcdc5ecfdc8a62ad3f651830116dce1d66fed2a8dcb41b329602
Itech Dating Script version 3.26 suffers from a remote SQL injection vulnerability.
7e6f64ae2f31f9cfa3d001b17115675d977a302a5aa4a661c3b703afbcaffd75