This archive contains all of the 185 exploits added to Packet Storm in November, 2020.
0a3f6f6217e08edc2471af5425fde885ebfe8dc01d793154acc327626c4a46f6Intelbras Router RF 301K version 1.1.2 suffers from an authentication bypass vulnerability.
1dc3296f8dd9c607dad414af1792b5147a9b845f8c95f7bf14f26a224b62e92aATX MiniCMTS200a Broadband Gateway version 2.0 suffers from a credential disclosure vulnerability.
4f391b2963e5c7014ddce384774e5b9679690f0075f5ecbcb6b58d372faa399bWordPress Heroic Knowledge Base plugin versions 3.0.1 and below appear to suffer from a remote SQL injection vulnerability.
abbd252677f7533da5cc1298cc8fa8bcb32160e8d940afb77841a6cc01b36e85Online Job Portal in PHP/PDO version 1.0 suffers from a remote SQL injection vulnerability.
11597010e3b8cad51f0a39b33a57c570c529c92c6e9d26080a32c9bb7df2e68bRejetto HttpFileServer version 2.3.x remote command execution exploit.
310bea739ee1fac51d3f1db221d66f715bce9e829391ed0701992c620390aa02YATinyWinFTP denial of service proof of concept exploit.
6ed4c0a237cb072b38d3b829300f5184e6baedda4df51b7929123eb3f6551b78This Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured (or credentials provided) and the ExecuteProcess processor must be available. An ExecuteProcessor processor is created then is configured with the payload and started. The processor is then stopped and deleted.
b437b66f2c8618f8c04df9a7df92d09d11a6da720c7f0e0b83b4d0ced50bc1b8Heroic Knowledge Base plugin versions 3.0.1 and below suffer from persistent cross site scripting vulnerabilities.
7a4e093a939db6b56c79e6e18346713b5ddeb5c5860021e95d8bb302c85869ceRuckus IoT Controller (Ruckus vRIoT) versions 1.5.1.0.21 and below suffer from a remote code execution vulnerability.
2fc45c8213ab8a388fd2c506e46f5e8fbb43c9aeb2121714585a97c541d245b0Best Support System version 3.0.4 suffers from a persistent cross site scripting vulnerability.
68c6369d65f3e57520f196002c91f012ad8285beaa85f031f7c8d94c780c736aZTE Blade Vantage Z839 Emode.APK android.uid.system local privilege escalation exploit.
5707c5e52a89bad056708a3134f79220ebdb442a447b95cba37c95cdb026d117WonderCMS version 3.1.3 suffers from a persistent cross site scripting vulnerability. Original finding for persistent cross site scripting in this version of WonderCMS is attributed to Hemant Patidar.
5c77636e1392acaaefaad99cda395188e1f61fbc280e529b78e09a0273f56e6cWordPress Accesspress Social Icons theme version 1.7.9 suffers from a remote SQL injection vulnerability.
df164b02a712cca62c1fad6d88d073af2a72295ef861341c2f8f29ebd0a7522fWordPress Wibar theme version 1.1.8 suffers from a persistent cross site scripting vulnerability.
73f96aeabdfa4a381657b79f0976b3d526818debc9211d2f5f20c4b775df343aWordPress Age Gate plugin versions 2.13.4 and below suffer fro an open redirection vulnerability.
1fb8756a3c916898cce344aa523ef8ae14e2114dc3665716be68892817ef0afaLaravel Administrator version 4 suffers from an unrestricted file upload vulnerability.
74c5803bba9337c9b7130818986ce55f061af3504d643ca424705c78c6549aeaMoodle version 3.8 suffers from an arbitrary file upload vulnerability.
a9cbe04e1ae5b0954fb4c068ffb620caf8091229eed4b6b20f3d1a233d82572cSAP Lumira version 1.31 suffers from a persistent cross site scripting vulnerability.
c48f7f72a49c57ce6321d0329d4adddebc34c81e67fb458f34e70ccba7b45db2ElkarBackup version 1.3.3 suffers from persistent cross site scripting vulnerabilities. This notes a variant attack vector for the original vulnerability discovered in this version in August of 2020 by Enes Ozeser.
85b8dd9cab007f4c219a94a6d9873e8c304ac23b448399fb72639ecae566bbaaFujitsu Eternus Storage DX200 S4 fails to set cookies for authentication allowing for replay of URLs to achieve root level privileges.
b3af4414170dbf11ae1b1458bbf73e808b24a2d1a81c195e28fd817a8d07cf3elibupnp version 1.6.18 stack-based buffer overflow denial of service exploit.
c665463d311c71b0bbf8b9944f268c319f51af690479e42161c8e133fef477b0BigBlueButton versions 2.2.29 and below suffer from an e-mail validation bypass vulnerability.
031d8375835a9747b86dc8685d2fd4290b1fa5a947e48f5e3c9779e9b80de1ccRazer Chroma SDK Server version 3.16.02 suffers from a race condition vulnerability that allows for remote file execution.
c1d19fe4193f259e8685a36f12856eafcb8136d66c5681732ef040037ed0b573Pure-FTPd version 1.0.48 suffers from a denial of service vulnerability.
6f8f9a41e4fbb1c854299643cac0a0ea3ef97311952ba1c42dac8cb7b70e3b84
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed