This archive contains 229 exploits that were added to Packet Storm in January, 2017.
feb93270aff92889e8286025e068085a872d67992cd7bb3dbb30d6fb7f732662Viscosity for Windows version 1.6.7 suffers from a privilege escalation vulnerability. It is possible to execute openvpn with a custom dll as SYSTEM using ViscosityService because the path is not correctly validated.
1e165f6606a232bfd4cc34a34c68a7346cb59ed704cf1caf321ea02cee78ab3eMultiple Netgear routers suffers from remote and local password disclosure vulnerabilities.
dbaeb4937d70280e3491b85b30c34a0d631fed2c6555336ee35deb7fefcc8ddaItech Multi Vendor Script version 6.49 suffers from a remote SQL injection vulnerability.
3b956b159cd882b8b43f719ce66d2222edcf0227acab224b8cfbd1c3ded4ad83Netman 204 suffers from backdoor accounts and a password reset vulnerability. The backdoor accounts were already discovered in September of 2016 by Saeed reza Zamania.
604c3bc5a72eb8e9929ea3e43976a09ff9667d1f8bff94b645c84be2b5255741Itech News Portal Script version 6.28 suffers from a remote SQL injection vulnerability.
66666fa7d3b32270be5df5fb8f2232b2476f89ebef78c89e9ff8002d7094d1cePHP Product Designer Script suffers from a remote file upload vulnerability.
7d790c1ec21fded17dacbbc17620efc38ecb001d6fc9c52edfe9851c78357a60This post is about accessing a printers file system through ordinary PostScript or PJL based print jobs -- since decades a documented feature of both languages. The attack can be performed by anyone who can print, for example through USB or network. It can even be carried out by a malicious website, using advanced cross site printing techniques in combination with a novel technique we call CORS spoofing.
c418874775830be69d70d766dd0802c21da19fba2301929c1dd21e23ad79ce68This post is about manipulating and obtaining documents printed by other users, which can be accomplished by infecting the printer with PostScript malware.
9abc3f6da5a87fc7c87c58ebcb60b7ead620ec10be3c424d01c2e0514ee518aePHP Logo Designer Script suffers from a remote file upload vulnerability.
316e2dade3a9f46160380b992df148227d68aff8a4b8be881d2dc40f153f042cVideo Sharing Script version 4.94 suffers from a remote SQL injection vulnerability.
51cd7012cafd95506f8a099c63f43f991578eced342ebff4712c2963b201cc08A remote attacker with knowledge of a single machine name and the corresponding OPSI machine key is able to execute arbitrary commands on any OPSI Managed client in the same managed environment by using the Remote Procedure Call (RPC) Interface of the OPSI-Server. The attacker is able to use the SYSTEM privileges of the OPSI Agent on any managed client computer and execute arbitrary commands leading to an elevation of privileges. Affected includes OPSI Server version 4.0.7.26 and OPSI ClientAgent version 4.0.7.10-1.
444597f83e9e0ad48a430a35373f0bc6a018226b622b3ff1e949820391597d37TrueConf Server versions 4.3.7.12255 and 4.3.7.12219 suffer from cross site request forgery, cross site scripting, and open redirection vulnerabilities.
c268634b4be86fbe36157ba4f3fc083eb4e8698c949b0d758b92a379295d70c7Sophos Web Appliance version 4.2.1.3 is vulnerable to two remote command injection vulnerabilities.
545641ea8be8bc213ed17b9bb9c8d8511001c33b8803e8aeeba5626c4a9d867cWordPress User Access Manager plugin version 1.2.6.7 suffer from a cross site scripting vulnerability.
6922073e4128970a34c759af113c580b26f672963ff2a12e052ca6848ce12293OpenSSL version 1.1.0 remote client denial of service proof of concept exploit.
964cd481b9abdff9f9960aba02aa087e5cdcad73beec5a68da63a8dd496bc4a2Palo Alto Networks Terminal Services Agent version 7.0.3-13 suffers from an integer overflow vulnerability.
e45c3f4e0cdee5a0f78e1af2cc44ac9e669a192a272936672aad7c5fe6575cb3Caregiver Script version 2.57 suffers from a remote SQL injection vulnerability.
b811376cf386bab477105d2de7190d74856f594b7e09355d3c7b2a1d14b432b2Auction Script version 6.49 suffers from a remote SQL injection vulnerability.
8ff67b2cddd4edf6bb2086deea3a991c269d85226ab98c3ae807c2b16fad60a2Itech B2B Script version 4.28 suffers from a remote SQL injection vulnerability.
cab1a6e82ebadac4f663a5eb52658829f99490245bc9306165c8ef97004eb4e6Itech Classifieds Script version 7.27 suffers from a remote SQL injection vulnerability.
d43640ea3ad566302f6c169afc93c9190c6a4d160b922193baf9ccd8c3b0bf9eItech Real Estate Script version 3.12 suffers from a remote SQL injection vulnerability.
29da956361649d87ee72abce562c3a2044217b2376f27b9db48fa2ff4eff17deHelpDeskZ versions prior to 1.0.2 suffer from SQL injection and file download vulnerabilities.
8c185bb7326388d66e9e49c601f3938311a6f93e9120ee806a176eebe4fcbeaaVideo Sharing Script version 4.94 suffers from a remote SQL injection vulnerability.
33dd4a27ccacdcdc5ecfdc8a62ad3f651830116dce1d66fed2a8dcb41b329602Itech Dating Script version 3.26 suffers from a remote SQL injection vulnerability.
7e6f64ae2f31f9cfa3d001b17115675d977a302a5aa4a661c3b703afbcaffd75
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed