This archive contains all of the 210 exploits added to Packet Storm in November, 2018.
628457ff65af9fb3debf826a32c79f4c0f5b18cb40950253854f779c802a6507This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through the REST API. It uses the function CreateSubmissionRequest to submit a malicious java class and triggers it.
116bdb53e7d35e2318c64aa8641d121ced48eb91bde9f964beb39633e269de98Siglent Technologies SDS 1202X-E Digital Oscilloscope version 5.1.3.13 suffers from multiple security vulnerabilities including hardcoded backdoor accounts, missing authentication, and more.
9c2308d462e08188151b5811bf316c27b479ee4b0ffda09667d3a3e6d83074a1Tarantella Enterprise versions prior to 3.11 suffer from an access control bypass vulnerability.
59d4ebbbea05011ff88766420702f8c2dafb0908c02498e7d43b760d1ce3aa40Tarantella Enterprise versions prior to 3.11 suffer from a directory traversal vulnerability.
1faac68fc7546fad92fea083e6fe9d139ab5f2586fd75dc9512567d04e89bf3cThe fix Ubuntu applied to address the Ghostscript vulnerability identified in CVE-2018-16510 appears to be insufficient.
0ac0bf39a81253812182b1698273af4235df1fa484a59f5032b8a187be3fe340There is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied.
787b477ccfcf4e5ec10751b188d5bc87141748ffcd37526a29a5654c900f7593WebKit JSC has an issue where BytecodeGenerator::hoistSloppyModeFunctionIfNecessary does not invalidate the ForInContext object.
2751e0f6a8f902aff80fed20940889e7b425689a3222eb806fc6878759565dbcThere is a use-after-free vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. There are possibly two vulnerabilities triggerable by the same proof of concept included.
4d368e653a42596f0318f358cc51225567ac7ae3f445045de8e6e98d697a4007WebKit JIT has type confusion bugs in ByteCodeParser::handleIntrinsicCall.
80230144bdea861cdd786d198f4417655144fdae813a68d336ee57b1a9cea2fdWhen a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning and used to store the information of the input object to the for-in loop. Inside the loop, the structure ID of the "this" object of every get_by_id expression taking the loop variable as the index is compared to the cached structure ID from the JSPropertyNameEnumerator object. If it's the same, the "this" object of the get_by_id expression will be considered having the same structure as the input object to the for-in loop has. The problem is, it doesn't have anything to prevent the structure from which the cached structure ID from being freed. As structure IDs can be reused after their owners get freed, this can lead to type confusion.
8f4f4959d722f37276fc6cd1ba9725d214fa2d1eafa97af721346d7487bda487Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities.
0f86dde8e1c44108d2214acb30772974903fb5e2efa4f23d272a62cd0ca53b09knc (Kerberised NetCat) versions before 1.11-1 are vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another service running on the targeted host. Proof of concept included.
5f21249af2b570413ccedbc2d38d69f7569143fd0ffd8e6431e4db2f29a7fb53WordPress Events Calendar Premium plugin version 1.0 suffers from a database disclosure vulnerability.
383704f897617826c4fdc3af390d64e0b37907bf08dcf05be37a493b309db2f8WordPress WP Complete Backup plugin version 3.0.5 suffers from a database backup disclosure vulnerability.
92c09b8545a80266ce8ccfa5cf484366783c4ebfe56b74dc62f2ba6e956cb5ecWordPress Jazzy Forms plugin version 1.1.1 suffers from a database backup disclosure vulnerability.
9403666c8c643458d61b39b4df10497e4a2119781f40ecb04bbf328215296db3WordPress pm_market plugin version 1.0 suffers from a database backup disclosure vulnerability.
49057b9856f52e7c1326bb6a40eec2adce2781ea4cc9af44a1dd3056fcc88fb0WordPress wawp_framework plugin version 1.0 suffers from a database backup disclosure vulnerability.
8fbdbecfa3686c56da6732ca409952493ea81d7d040d9afd264b3e20d92f888bWordPress Delme plugin version 3.0 suffers from a database backup disclosure vulnerability.
cdf0038016909bdc9fbbb6b0131d33c91251f0f21c5d2c20ada0f2c1d6a2a0d1WordPress user-spam-remover plugin version 1.0 suffers from a database backup disclosure vulnerability.
545976aab87512242d5f58cedab4af05cef9bd274b86805b2ce96fac81605ad9WordPress hwm_board plugin version 1.0 suffers from an arbitrary database download vulnerability.
92b1425f6c23ab281b94eb21d5263e062608fbbdc2a35ca2c23fdcc9108ea18cWordPress uploadingdownloading-non-latin-filename plugin version 1.1.5 suffers from an arbitrary file download vulnerability.
53d7a94a9e18f3b4caddffdf4610c695553544082472c38337520f6df805ee5eWordPress sermon-shortcodes plugin version 1.0 suffers from an arbitrary file download vulnerability.
219e65b364ab6c17799bc19d5963a1260774c9cf1f4e1d23c741dfdb9ef8ff14WordPress allow-l10n-upload-filename plugin version 1.0 suffers from an arbitrary file download vulnerability.
ec3365bc1a665d76c716098268b6ade37ed13bab4bfe312cbba37e0708d626fdJoomla Event Booking component version 3.8.3 suffers from a database backup disclosure vulnerability.
9acbedfbb61ff2ca14e2453561fdf51bad8d74534c4e7896822e5b073624529d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed