This archive contains all of the 185 exploits added to Packet Storm in November, 2020.
0a3f6f6217e08edc2471af5425fde885ebfe8dc01d793154acc327626c4a46f6
Intelbras Router RF 301K version 1.1.2 suffers from an authentication bypass vulnerability.
1dc3296f8dd9c607dad414af1792b5147a9b845f8c95f7bf14f26a224b62e92a
ATX MiniCMTS200a Broadband Gateway version 2.0 suffers from a credential disclosure vulnerability.
4f391b2963e5c7014ddce384774e5b9679690f0075f5ecbcb6b58d372faa399b
WordPress Heroic Knowledge Base plugin versions 3.0.1 and below appear to suffer from a remote SQL injection vulnerability.
abbd252677f7533da5cc1298cc8fa8bcb32160e8d940afb77841a6cc01b36e85
Online Job Portal in PHP/PDO version 1.0 suffers from a remote SQL injection vulnerability.
11597010e3b8cad51f0a39b33a57c570c529c92c6e9d26080a32c9bb7df2e68b
Rejetto HttpFileServer version 2.3.x remote command execution exploit.
310bea739ee1fac51d3f1db221d66f715bce9e829391ed0701992c620390aa02
YATinyWinFTP denial of service proof of concept exploit.
6ed4c0a237cb072b38d3b829300f5184e6baedda4df51b7929123eb3f6551b78
This Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured (or credentials provided) and the ExecuteProcess processor must be available. An ExecuteProcessor processor is created then is configured with the payload and started. The processor is then stopped and deleted.
b437b66f2c8618f8c04df9a7df92d09d11a6da720c7f0e0b83b4d0ced50bc1b8
Heroic Knowledge Base plugin versions 3.0.1 and below suffer from persistent cross site scripting vulnerabilities.
7a4e093a939db6b56c79e6e18346713b5ddeb5c5860021e95d8bb302c85869ce
Ruckus IoT Controller (Ruckus vRIoT) versions 1.5.1.0.21 and below suffer from a remote code execution vulnerability.
2fc45c8213ab8a388fd2c506e46f5e8fbb43c9aeb2121714585a97c541d245b0
Best Support System version 3.0.4 suffers from a persistent cross site scripting vulnerability.
68c6369d65f3e57520f196002c91f012ad8285beaa85f031f7c8d94c780c736a
ZTE Blade Vantage Z839 Emode.APK android.uid.system local privilege escalation exploit.
5707c5e52a89bad056708a3134f79220ebdb442a447b95cba37c95cdb026d117
WonderCMS version 3.1.3 suffers from a persistent cross site scripting vulnerability. Original finding for persistent cross site scripting in this version of WonderCMS is attributed to Hemant Patidar.
5c77636e1392acaaefaad99cda395188e1f61fbc280e529b78e09a0273f56e6c
WordPress Accesspress Social Icons theme version 1.7.9 suffers from a remote SQL injection vulnerability.
df164b02a712cca62c1fad6d88d073af2a72295ef861341c2f8f29ebd0a7522f
WordPress Wibar theme version 1.1.8 suffers from a persistent cross site scripting vulnerability.
73f96aeabdfa4a381657b79f0976b3d526818debc9211d2f5f20c4b775df343a
WordPress Age Gate plugin versions 2.13.4 and below suffer fro an open redirection vulnerability.
1fb8756a3c916898cce344aa523ef8ae14e2114dc3665716be68892817ef0afa
Laravel Administrator version 4 suffers from an unrestricted file upload vulnerability.
74c5803bba9337c9b7130818986ce55f061af3504d643ca424705c78c6549aea
Moodle version 3.8 suffers from an arbitrary file upload vulnerability.
a9cbe04e1ae5b0954fb4c068ffb620caf8091229eed4b6b20f3d1a233d82572c
SAP Lumira version 1.31 suffers from a persistent cross site scripting vulnerability.
c48f7f72a49c57ce6321d0329d4adddebc34c81e67fb458f34e70ccba7b45db2
ElkarBackup version 1.3.3 suffers from persistent cross site scripting vulnerabilities. This notes a variant attack vector for the original vulnerability discovered in this version in August of 2020 by Enes Ozeser.
85b8dd9cab007f4c219a94a6d9873e8c304ac23b448399fb72639ecae566bbaa
Fujitsu Eternus Storage DX200 S4 fails to set cookies for authentication allowing for replay of URLs to achieve root level privileges.
b3af4414170dbf11ae1b1458bbf73e808b24a2d1a81c195e28fd817a8d07cf3e
libupnp version 1.6.18 stack-based buffer overflow denial of service exploit.
c665463d311c71b0bbf8b9944f268c319f51af690479e42161c8e133fef477b0
BigBlueButton versions 2.2.29 and below suffer from an e-mail validation bypass vulnerability.
031d8375835a9747b86dc8685d2fd4290b1fa5a947e48f5e3c9779e9b80de1cc
Razer Chroma SDK Server version 3.16.02 suffers from a race condition vulnerability that allows for remote file execution.
c1d19fe4193f259e8685a36f12856eafcb8136d66c5681732ef040037ed0b573
Pure-FTPd version 1.0.48 suffers from a denial of service vulnerability.
6f8f9a41e4fbb1c854299643cac0a0ea3ef97311952ba1c42dac8cb7b70e3b84