This archive contains all of the 49 exploits added to Packet Storm in November, 2023.
4561d62960af2b314e517143d1dd7755f08be850b2ef73095e45ff6f8970e680CE Phoenix version 1.0.8.20 remote code execution exploit written in Python.
442e8d9deeb16781dd142ed87c294e9454d90653e85fe286945812163a1c322bOnline Student Clearance System versions 1.0 and below suffer from a remote shell upload vulnerability.
c55fe1c8bc487499e2a14d9993102c3a4e9ac0513d390be3458030a9f0aec021WordPress Royal Elementor Addons and Templates plugin versions prior to 1.3.79 suffer from a remote shell upload vulnerability.
514871b05ceb1ed65e97c420f4e9a96957ce2443102fd59ba2de86664048ea50The uninstaller in Fortra Digital Guardian Agent versions prior to 7.9.4 suffers from a cross site scripting vulnerability. Additionally, the Agent Uninstaller handles sensitive data insecurely and caches the Uninstall key in memory. This key can be used to stop or uninstall the application. This allows a locally authenticated attacker with administrative privileges to disable the application temporarily or even remove the application from the system completely.
d393eda92218fb28d4719259401d1db3e0731edb5b930170f2f951494d02fbc7etcd-browser version 87ae63d75260 suffers from a directory traversal vulnerability.
8456b0b8489b8c480ad32f464fbe163fc1fe87e4a533e2f02fd020993cf98140Loytec LINX-151 with firmware version 7.2.4 and LINX-212 with firmware version 6.2.4 suffer from file disclosure vulnerabilities that leak secrets as well as issues with stories secrets in the clear.
c8d887d4717b94c1aee40cf1ff1bea9d76d8c987065fd897b45f142808786003Loytec LINX Configurator version 7.4.10 suffers from insecure transit and cleartext hardcoded secret vulnerabilities.
2fb3f8f77e58786a2b8154d7b4ce1ea69b7a9be5791623aa4210e517a66a5857A dangling pointer vulnerability is present in WebRTC's PacketRouter due to an SDP SIM group SSRC from one track (e.g., video) colliding with an existing SSRC from a different track (e.g., audio). This inconsistency between the send_modules_map_ and the send_modules_list_ can lead to a use after free.
426fe7fd9743d7c7d9ba2167f870968aaad57ccdefafb8bca89ee26333cad8bem-privacy TightGate-Pro suffers from code execution, insecure permissions, deletion mitigation, and outdated server vulnerabilities.
55d99668e130fe585eb26f5ac98889fe0cb5368f4185842bb3d4346adf9bd24bSmartNode SN200 versions 3.21.2-23021 and below suffer from a remote command execution vulnerability.
fc0d5c184e0cd12de9f88070f90cdbe9697833c1394af267f9cccc697c7a5470The Atemio AM 520 HD Full HD satellite receiver has a vulnerability that enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the getcommand query within the application, allowing the attacker to gain root access. Firmware versions 2.01 and below are affected.
3449aff141402f4665fd423173623d011160d26c4468883c56ce200716f8753aosCommerce version 4 suffers from a cross site scripting vulnerability.
197c3173f23a907c40d117ce76d46f37a52dc01d9fef5c7d5ac0948750777b20PopojiCMS version 2.0.1 suffers from a remote command execution vulnerability.
4690b68382524a5e307f4959595bab234771a185215635cd8de7870dc873a1c6CSZ CMS version 1.3.0 suffers from a remote command execution vulnerability. Exploit written in Python.
33d0188f47e39d24568d45575c427440ebdfcfda56b06a56f85b27b6ec1593c7CE Phoenix version 1.0.8.20 suffers from an authenticated remote command execution vulnerability.
6d51b5136e64aff8910f534f9c1e00aa232c45cb68ff0c08d5def21fa927a0d1CE Phoenix version 1.0.8.20 suffers from a persistent cross site scripting vulnerability.
1c8c1238c4410cbe04c67a2d6d2f32a07a2415681a363c65c0c3238bb9d4fcfcPyroCMS version 3.0.1 suffers from a persistent cross site scripting vulnerability.
d5b4e223ba2b4dc49049ae6f6748eadea621716df965acc54efe367e1144d7a9CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.
b8f0f3c59686781c297f072ed9c3ca2896c1c6ea8f3916447a7e73c9086eb19aWordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities.
bfb7306b803b1acac19078db2972f3aa4724b44e3c44892d41946574771b0edaMagento version 2.4.6 XSLT server-side injection proof of concept exploit.
ae81950e2fc15cf464a8175e05b574b8b5b2ed4aba982fabb1e7d86affd1d181PHPJabbers Availability Booking Calendar version 5.0 suffers from multiple cross site scripting vulnerabilities.
7cf4da384ddf91888b28e80ca91dd483868925ffa51a0fa47fb2f70b641bd891PHPJabbers Availability Booking Calendar version 5.0 suffers from a CSV injection vulnerability.
1a5e47cc48a53b2f6ce24557ed61fc375f9844fd5715973020417e71993dcae0GaatiTrack Courier Management System version 1.0 suffers from multiple cross site scripting vulnerabilities.
69b4c989295e684f41164bf1381739b3ef737b45c20dc3c3a37046d2d3811dbdJorani Leave Management System version 1.0.2 suffers from a host header injection vulnerability.
bc2711283c28607516dfbaa6255081510178e2b648e462fc258213b1a077942b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed