This archive contains all of the 195 exploits added to Packet Storm in April, 2023.
405e6139b88516b8b8d310fa20e72af135bf83c73084dbec2de5761b29649a61
This Metasploit module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution.
a97dc5c7910c67fbfa47a0a5ff5111b60ef4fc38c7f19bc191fb098243b227f6
Debian Linux Security Advisory 5394-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
7c593ae98e568ffa42c0e654714ca6a0478520b206d50511ae16e3d37a3b2919
Ubuntu Security Notice 6052-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed.
22556eb4fe1474689bc2a6c1eab4d4271beaa362c89a900b76a777c5f897b936
Ubuntu Security Notice 6051-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
8f3d3ba695803e924025f809e81f937f6354a99d3974142526b46598df33475c
CompanyMaps version 8.0 suffers from a persistent cross site scripting vulnerability.
aaac30b158267861d9289cde53dbc4edc83c2d121335a780eed8bf01a13b6fac
Ubuntu Security Notice 6048-1 - It was discovered that ZenLib doesn't check the return value of a specific operation before using it. An attacker could use a specially crafted input to crash programs using the library.
e20bbb5af5fb0c406f73126eeb6cbcdcc74ec950c882da124143b56074856844
Ubuntu Security Notice 6050-1 - It was discovered that Git incorrectly handled certain commands. An attacker could possibly use this issue to overwriting some paths. Maxime Escourbiac and Yassine BENGANA discovered that Git incorrectly handled some gettext machinery. An attacker could possibly use this issue to allows the malicious placement of crafted messages. Andre Baptista and Vitor Pinho discovered that Git incorrectly handled certain configurations. An attacker could possibly use this issue to arbitrary configuration injection.
2fe94ad0f659c0d3f64d2d232c14f2698dfebe3cc57764cdf1c493b0eb6608b9
Ubuntu Security Notice 6049-1 - It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use this issue to cause Netty to exhaust memory via malicious input, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. It was discovered that Netty created temporary files with excessive permissions. A local attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM, and Ubuntu 20.04 ESM.
7e20c4b100a01d5436fdc3d622df85ec25fc16ce3f77384791bc1e053d16f411
Mobile Mouse version 3.6.0.4 suffers from a remote code execution vulnerability. This exploit is a second version from the original author of the original exploit released in September of 2022.
e7a6810d6a70959199eb39d58ef19ffc0f717838c3bcbb82681904466d5ca0d6
AC Repair and Services version 1.0 suffers from a remote SQL injection vulnerability.
61ca067f3204dd60a28c5875c4c022cd31be78dd0d902d8f14cace50a68cc7d0
Ubuntu Security Notice 6037-1 - ZeddYu Lu discovered that the FTP client from Apache Commons Net trusted the host from PASV responses by default. A remote attacker with a malicious FTP server could redirect the client to another server, which could possibly result in leaked information about services running on the private network of the client.
01b105752cb4c4020af26703fc7f227551e768e10ef43699d4dd35b88c29075e
Old Age Home Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6dbc0dac3bea894598dae10e5fce781c47ae87adbd89ddb496e7eb7cfc60c6a7
Chitor CMS version 1.1.2 suffers from a remote SQL injection vulnerability. The rollno parameter is also susceptible to SQL injection. Original discovery of this finding is attributed to msd0pe in April of 2023.
78dad42d7298ef5d0716bb864dcc8bbd2338fcb72b229dd4f65720411723907f
Aigital Wireless-N Repeater version Mini_Router.0.131229 suffers from a login bypass vulnerability.
460a71c5b1093240b5647e62c7f3da9e30ae22afdaf2e182c00e58fd99a484cf