This archive contains all of the 201 exploits added to Packet Storm in August, 2018.
546dd3cf0b3601a0c9d32210b6cd1c20035ca0416383071b8efc39da27b874ec
Linux suffers from a reiserfs listxattr_filler() heap overflow vulnerability.
bda8cff2fd8a8c683d0b06a45887982f218af840ef2b2e66113c85ebc43d76eb
DamiCMS version 6.0.0 change administrative password cross site request forgery proof of concept exploit.
c64f583df2199c7fe4254d38572104c3d2476164b43f76ec9deb32b708ac2020
The Vox TG790 ADSL router suffers from a cross site scripting vulnerability.
717552a1ef7035d3e690e5b4d070714826cd3b55c01ad8f8d9bb7544d6f8014d
Acunetix WVS Reporter version 10.0 suffers from a denial of service vulnerability.
f99437e7dbb525c610fa5d7015e4693fadd0e49fcca2b81f85c551bec17fb8e8
AZORult Stealer version 2 suffers from a remote SQL injection vulnerability.
674810906207e9407a36c925c186d9b8619229225cf8ba7ac0793ba7e833cfe1
This Metasploit module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. It uses a newline injection vulnerability in the configured username for a VPN network connection to inject a `Password helper` configuration directive into the connection configuration. The specified helper is executed by Network Manager as root when the connection is started. Network Manager VPNC versions prior to 1.2.6 are vulnerable. This module has been tested successfully with VPNC versions 1.2.4-4 on Debian 9.0.0 (x64) and 1.1.93-1 on Ubuntu Linux 16.04.4 (x64).
07e3f24f0ba44622e12961448bb4ae2cacb1f01c983cf368bc94c3c2107fbe4a
ownCloud version 0.1.2 suffers from a user impersonation authorization bypass vulnerability.
29b952619c8992a8a4ce5753eaedfa7b6eaafa33618c92674d49b3731375dc42
WordPress Jibu Pro plugin version 1.7 suffers from a cross site scripting vulnerability.
18c1194e869784b9a96a05527b9decfd9b972dec28496a9cb4a9df608b8a85da
WordPress Quizlord plugin version 2.0 suffers from a cross site scripting vulnerability.
62f0455ed5e3caa433f776afbd757a6ace1243aa45ddf39b3f26277ba9762848
Cybrotech CyBroHttpServer version 1.0.3 suffers from a cross site scripting vulnerability.
149e18fdc58e7ab10a560a31539fb56b08816845e01114abfa7a0b7a31ad5ba8
Cybrotech CyBroHttpServer version 1.0.3 suffers from a directory traversal vulnerability.
7b9c732ab95b49391cb25a863aa1969ba51ecb15bd4a8a0e7caeab1076eeef91
Nord VPN version 6.14.31 suffers from a denial of service vulnerability.
e951f9644cbc57d0201f5a33382c0a9749c60a07708c0f9afcdce018e593e9dd
NetworkActiv Web Server version 4.0 Pre-Alpha-3.7.2 suffers from a denial of service vulnerability.
ae999e04a2d6cad2f4feb9936d0cb7e68ca145d2af8ae75cb601034d777d684b
Trillian version 6.1 build 16 suffers from a denial of service vulnerability.
de1c928ac823ef63b75409805f390d7d899c22b7b4ae83f2cae9493ef4cc2258
Easy PhotoResQ version 1.0 suffers from a denial of service vulnerability.
530ffacf17eccf9b46ccbaa478307f09bd9e22ddc709d82f9b9879aec197f45d
Episerver version 7 patch 4 suffers from an XML external entity injection vulnerability.
8b0f7b7fc99768f17578cf411177580b97484e0238721108b9bab21d6906bb9f
phpMyAdmin version 4.7.x suffers from a cross site request forgery vulnerability.
e63d2dcc5948a45882c170f9e3e441a265cf1233d27f4dee8c082aeef27611e0
Skype Empresarial Office 365 version 16.0.10730.20053 suffers from a denial of service vulnerability.
3e7987d784144b91aefb2a14f3e9d598157afc82ba38c417a05ee061228b522d
Fathom version 2.4 suffers from a denial of service vulnerability.
0dec82d3853c0206aa051f2aebab003420da2318e53ea332a230c36bf05ba7ad
ipPulse version 1.92 suffers from a denial of service vulnerability.
757fca11190a6eac91650bbc13c30d046a73066d838969ef7a2d7e9bc3bb73bd
Immunity Debugger version 1.85 suffers from a denial of service vulnerability.
55126f64cfe33eccb0e42675260573e41004a57ba71a958ab55396c33a918134
NASA openVSP version 3.16.1 suffers from a denial of service vulnerability.
c5f81ebe30b415e4cbcb3fcee74be259abeee38d52ae92b7e454cc67a9980aef
System broadcasts by Android OS expose information about the user's device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information, thus bypassing any permission checks and existing mitigations.
523ebc0e6847c2ff3858fa671185f0aded4e77fd712ecd694c1d059ae8df9760
Eaton Xpert Meter version 13.4.0.10 suffers from an SSH private key disclosure vulnerability.
9202527e403cd306b11b2ac0811f1dc28ab8b48ecd31c595d94593d5a1c8db5b