This archive contains all of the 150 exploits added to Packet Storm in March, 2020.
b7358408d257fef08ad26edb42b282e510fde0b9ca1393f3bdd84eb54157c0bc
KandNconcepts Club CMS versions 1.1 and 1.2 suffer from cross site scripting and remote SQL injection vulnerabilities.
9070d2fd9497a64134d2ff0cc7de35672d08bf049d42764ee9daf8631da56815
Microsoft Windows 10 SMB version 3.1.1 SMBGhost local privilege escalation exploit.
6264aca1e467841faf26e69f8666d2ab3b3b4382fd866c93ace48782ed2ba071
DrayTek Vigor2960 version 1.3.1_Beta, Vigor3900 version 1.4.4_Beta, and Vigor300B versions 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta suffer from a remote command execution vulnerability.
da216e7a3bcdc0e7690df8ecec6a4e14c871f9c105b3e89a4e2c3f6a11e45588
FlashFXP version 4.2.0 build 1730 denial of service proof of concept exploit.
7c9be5ce1549e120d252b736596933bacef1869af90adfbb4b4be0fa1a2a3dc1
Grandstream UCM6200 Series CTI Interface versions 1.0.20.20 and below suffer from a remote SQL injection vulnerability.
fcf24eefeddb201c346536166ab265e01a1416b56845436fbce588e35ef4d37b
Grandstream UCM6200 Series WebSocket versions 1.0.20.20 and below suffer from a remote SQL injection vulnerability.
dbde0cbce4402b656e10575e77f62e63150d1c5371532197da758fe2d6e3a6a0
10-Strike Network Inventory Explorer version 9.03 Read-from-file buffer overflow exploit that uses SEH and ROP.
d9902b1b7f52b90b881ecd03566b14bdebeafb458532ad05ad92d0692856be5f
Joomla Fabrik component version 3.9.11 suffers from a directory traversal vulnerability.
6bad29182a6bd3575ab9ca57bc52555b04aabb4cfdc488f7b87d996ef4ae786b
Zen Load Balancer version 3.10.1 suffers from a remote code execution vulnerability.
29c20561040a95db93c50db27ac160b719fa168e3166212b7e43c1092858f647
WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.
2029bbf836e7de4bb57eb88c7f5f10198718d2552a017080a1b57d33050ff81d
DesignMasterEvents CMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
68ddabd38ad26973fa944fdad5a667cbba331245d7a590161e74580d356dcbb6
Odin Secure FTP Expert version 7.6.3 Site Info denial of service proof of concept exploit.
9237bd29aa749c0ee8fcd4e1c5a083c2943a4774708d940945375839849a0cb5
This Metasploit module can be used to leverage the extension functionality added since Redis 4.0.0 to execute arbitrary code. To transmit the given extension, it makes use of the Redis feature called replication between master and slave.
2714070c8deee280f0dce194081f510869dec8b4d01b5127d461fe882cd026f7
Micro Focus Vibe version 4.0.6 suffers from a cross site scripting vulnerability.
b704ace34d0c7e6b2d7922015fd9228515f6cebf2302a5f752c27dee84dfa06d
Micro Focus Vibe version 4.0.6 suffers from an HTML injection vulnerability.
5f9ffbfad0ad714375f7ca82a8f6f5eb5dd45f8670aa28158fa82ea9bff0d765
IBM Cognos TM1 Server / Planning Analytics Server (TM1) suffers from a configuration overwrite vulnerability that can be leveraged to achieve code execution as SYSTEM via TM1 scripting. Extensive research is included in this advisory as well as the Metasploit module.
7adaef0a254ef114813a1fd3002f76240f5426ebf3ada7a99fac67252f614370
This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin.
a2f0e8cf76051e688f4ad0f0c6c2006837b156b7ef27c777a6a73c0c8435e559
codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities.
ad369fec0c3f1233771579bb12bfb9e9b346a7907407bfb4a1a7b305585f8c55
rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit.
286d169b9325c701681f3ca01b90d56974a51fe70471f6d1ba94a2d175b1f7a8
FreeCommander XE 2020 Build 810a 32-bit suffers from a pathname buffer overflow vulnerability.
60d82e33f0c7f4253ddc265c3479423769c54f1a48cc6ae26922cfd73df607d2
Webexcels Ecommerce CMS version 2.x suffers from cross site scripting and remote SQL injection vulnerabilities.
f1a0150ad98e19ccd148216e1b64e6e01d5ff4f6ed52d98077cbc41e152cfd9e
ECK Hotel version 1.0 suffers from a cross site request forgery vulnerability.
73b0a2baf1aadb4634e5d536bc7971dd31bccd2af7ff063bb87cdec4581c95e4
Everest version 5.50.2100 suffers from a denial of service vulnerability.
36a23f95e671ec254ef8be53b1fd8254508a51304b2e73a386a969ca04e36b72
Jinfornet Jreport version 15.6 suffers from an unauthenticated directory traversal vulnerability.
7f1115d2ff0c58a48fbab34dd63f82c48ea7a10f0a6a907b670f9beb78aa1d49