This archive contains all of the 122 exploits added to Packet Storm in September, 2023.
0db101468348dcc7851002e0aeaf72c6832cf0d9e58336bd7a6cbcb448d62663Electrolink FM/DAB/TV Transmitter allows access to an unprotected endpoint that allows an MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or internal Flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.
ac5f10b56496b87847c741037481ca75bcd2e582224891a5fdf49e523b421ad3Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.
b9b0622841f3107d917cdcd1705a85c49fc9e8558ff56a20647b6b895f6e0b05Electrolink FM/DAB/TV Transmitter allows an unauthenticated attacker to bypass authentication and modify the Cookie to reveal hidden pages that allows more critical operations to the transmitter.
45f211ad4dbcb54d00567ce51f651830505f6738b0f64c25cbfb2bd139946f03Electrolink FM/DAB/TV Transmitter suffers from a privilege escalation vulnerability. An attacker can escalate his privileges by poisoning the Cookie from GUEST to ADMIN to effectively become Administrator or poisoning to ZSL to become Super Administrator.
e8e96f31a1023ce46974a3cca9e6ecddcb46a5d4bf193e19d0b57cba7468729fElectrolink FM/DAB/TV Transmitter suffers from an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. It is also vulnerable to account takeover and arbitrary password change.
3531396821530bd27b027935beb5b1f2474e4ce3397185218b36a45664af9f26Electrolink FM/DAB/TV Transmitter suffers from an authentication bypass vulnerability affecting the Login Cookie. An attacker can set an arbitrary value except NO to the Login Cookie and have full system access.
f3b6802c80c2e4cb69f633b371d2be514c2309082ed530b0515e8aec53377715Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system access.
70c3b999a4b5275db8acaed179b976a817ce1f31fa0e23701824e4518bde9dedThe Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system access.
c48f747f8c225e4d94444f4ed07ee6455c398bd62f471bedb496b0bc8746b94fGentoo Linux Security Advisory 202310-1 - Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. Versions greater than or equal to 0.103.7 are affected.
ca1d69efc4a4e8857de6f7e66d60767c128e79bf7e3366220b15bc21ed14e66bDebian Linux Security Advisory 5512-1 - Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used.
a28c2d03163448e0e92324757faf8e3aa4ac5645fdda00d5756c2bf6e82c4a31Debian Linux Security Advisory 5511-1 - Several security vulnerabilities have been discovered in mosquitto, a MQTT compatible message broker, which may be abused for a denial of service attack.
1518e0099ccd906d33af69afafa10ef3ebd6d28f34c143d4f89b8e793d316b29Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
b20d2b9c74db28a00c07f090ee5b0241b2b684f3afdecccc6b8008931c557491Gentoo Linux Security Advisory 202309-17 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected.
405a8ef4f4fdb4b2e5acdfa683735dd378fbfb67d3534ee2331748e62162fc10Gentoo Linux Security Advisory 202309-16 - Multiple vulnerabilities have been discovered in wpa_supplicant and hostapd, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.10 are affected.
ab9712587015dc8f77dfbf72fe294ede502a1c143ab940b07017ea46a539360cDebian Linux Security Advisory 5510-1 - Clement Lecigne discovered a heap-based buffer overflow in libvpx, a multimedia library for the VP8 and VP9 video codecs, which may result in the execution of arbitrary code if a specially crafted VP8 media stream is processed.
b4dcffb697fe696e6e00d091270e45177bfc156ae9ad8536bd789d4e459ada94jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.
90eb5b359e74a7af8e5bdb5cc5a8740bc57bb1ca10a3bece24054679d6da0016This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices running FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first being auto_prepend_file which causes the provided file to be added using the require function. The second PHP function is allow_url_include which allows the use of URL-aware fopen wrappers. By enabling allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses data:// to provide a file inline which includes the base64 encoded PHP payload. By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a datastore option JAIL_BREAK, that when set to true, will steal the necessary tokens from a user authenticated to the J-Web application, in order to overwrite the root password hash. If there is no user authenticated to the J-Web application this method will not work. The module then authenticates with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.
23552b23e1cc0e2022181944f8894c8f7203e6893e7d1127561c3ffd867b9517Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.
86ddcc309764b6b66059868311e9f0b2422e461c8da2f228600256baa9c81ff0Debian Linux Security Advisory 5509-1 - A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
73d931fd3d0a9ba4c7430142c4e60873dc6b90250043fa116b8116cf5495e494Debian Linux Security Advisory 5508-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
5550e68ba1d2b614ebdd9b77285dea84c54ce37ebdd27ec26f2df951e220f22cRed Hat Security Advisory 2023-5407-01 - OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool. Issues addressed include a denial of service vulnerability.
4179d62a9ec66e932deb1b6ce88952b6618765a780b156ba61dcd557810018f1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed