Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass.
f3ace4f4cb5b84a560a9593357976ec236f7e116327a16dffefa142cb8440217
TX Text Control .NET Server For ASP.NET has an issue where it was possible to change the configured system path for reading and writing files in the underlying operating system with privileges of the user running a web application.
87daef249524395b391c7767b295ddf96c40db5d4fbd376c76c034cc5844d043
Proof of concept remote code execution exploit for GravCMS 1.10.7 that leverages an arbitrary YAML write / update.
5cb1696418ca010542d02a039fd2e7ced0fb5abc292d2bf9e447350af4776e32
Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
a6b63ce9c93a3021236a9a584571d58798fe9d500b30228bb2141feca495c4d9
This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows resetting the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands will get executed in the context of www-data. When credentials are provided, this module will only exploit the second vulnerability. If no credentials are provided, the module will first try to reset the admin password and then perform the OS command injection.
df2c6c91b0ec6249f500e20b70f386982ccf89ee425960ccceff8fd524cb14ff
HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed Firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities.
08569aaf8d9ee2326579f45288b32f5dc1f2f9623687358b993634b1d5424d28
WSO2 versions 4.0.0, 4.1.0, and 4.2.0 are susceptible to remote code execution via an arbitrary file upload vulnerability.
88bbb0e549a78d6ccac8792066a572155603f8e8b352a29a78237e92f01cd2a7
WordPress Meetup plugin versions 0.1 and below suffer from an authentication bypass vulnerability.
89ac429be4764b94bf641a570c41c31bddf5b9a683ddf1aeac67f0ca453b0bb8
Proof of concept remote command execution exploit for CyberPanel versions prior to 5b08cd6.
cc940e99f4e4ef4ac83ab7b84fe7d3f90ff95549ed54049913abec4f7582bf85
While parsing test result XML files with the TestRail CLI, the presence of certain TestRail-specific fields can cause untrusted data to flow into an eval() statement, leading to arbitrary code execution. In order to exploit this, an attacker would need to be able to cause the TestRail CLI to parse a malicious XML file. Normally an attacker with this level of control would already have other avenues of gaining code execution.
23defc505c60d8487fbaa6cc446dcdfe879f30097f49592151de5e51f416f7ff
A vulnerability was identified in ABB Cylon Aspect version 3.08.00 where an off-by-one error in array access could lead to undefined behavior and potential denial of service. The issue arises in a loop that iterates over an array using a less-than-or-equal-to condition, allowing access to an out-of-bounds index. This can trigger errors or unexpected behavior when processing data, potentially crashing the application. Successful exploitation of this vulnerability can lead to a crash or disruption of service, especially if the script handles large data sets.
cf7a464a832c331d5e74a3f9a20a0ce04cd242617d7e01d8ab91b2b7fb424cd1
Sysax Multi Server version 6.9.9 suffers from an SSH related denial of service vulnerability.
ebc9a93344fb5bef008bc0309e3cf33cd4eddd71fd9d24157cf66c96571e5f7b
Sysax Multi Server version 6.9.9 suffers from a cross site scripting vulnerability.
d688c8aa11a70ff0b0715421045afb02b7b5d18529b051e978c77bd918407bc5
IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.
bbe5e2c1ca7d3b42c24076cc8aa46544dec9bd260d2ef8b56f24a6ec52ecd952
IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected.
938bde01e4fdd9ce1c3698333190a685348457736b7db8df0f3db5ed879e5675
ESET NOD32 Antivirus version 18.0.12.0 suffers from an unquoted service path vulnerability.
d48a31f2b811f4e6332d799099fcdee648d31c4c59eca77224f4eb7f01c7f161
SQLite3 suffers from a stack buffer underflow condition in seriesBestIndex in the generate_series extension.
7e10b24906e04816e624fc48916e56477f071a9fab7ccffed58b4658d09bf483
khugepaged in Linux races with rmap-based zap, races with GUP-fast, and fails to call MMU notifiers.
70b8b4891864d68dc660a11b7c18246507754b38f9be401d06a0d1879b3a45cc
Ping Identity PingIDM versions 7.0.0 through 7.5.0 enabled an attacker with read access to the User collection to abuse API query filters in order to obtain managed and/or internal users' passwords in either plaintext or encrypted variants, based on configuration. The API clearly prevents the password, in either plaintext or encrypted form, from being retrieved by any other means, as this field is set as protected under the User object. However, by injecting a malicious query filter, using password as the field to be filtered, an attacker can perform a blind brute-force on any victim's user password details (encrypted object or plaintext string).
794244004a3908d9cf0034a1a70db151caa9281755a9275a47220eac8338d52f
ABB Cylon Aspect version 3.08.01 has a vulnerability in the caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By enabling badassMode and setting the skipChecksum parameter, the system skips integrity verification, allowing attackers to upload or install altered CalDAV zip files without authentication. This vulnerability permits unauthorized file modifications, potentially exposing the system to tampering or malicious uploads.
accf80983115dc5908f4545001f436450bd05752c8b5b6b674a1efd83446277b
This archive contains all of the 128 exploits added to Packet Storm in October, 2024.
c5d403957b806b59fb6166e8d1326d5963ba8bbcdb7a6478a93b1ba29c457234
SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.
d1c79ff390d1eddef9aea5b0debce0087e67faf0b8c82c4f6c4ee4fde8484a34
SmartAgent version 1.1.0 suffers from a server-side request forgery vulnerability.
c819a531ddac42276178e8777f908cca9b2430a5fef86c2ac4c3be219a2bd9e3
SmartAgent version 1.1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.
454076f23b89f57e45086d97afc09d37ad082fe918f4d6e98b97f0605eece69e
Proof of concept exploit for WordPress Automatic plugin versions 3.92.0 and below that demonstrates path traversal and server-side request forgery vulnerabilities.
1e3ab221180e7f26ab2127194c4584fbb6f05727c5578c16eb87089046795a1e