PS Exploit News

Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  1. Product Key Explorer 4.2.0.0 Key Denial Of Service

    Product Key Explorer version 4.2.0.0 suffers from a Key denial of service vulnerability.
  2. Adobe Acrobat Reader DC For Windows Memory Corruption

    Adobe Acrobat Reader DC for Windows suffers from a heap-based memory corruption vulnerability due to malformed TTF font handling.
  3. AppXSvc 17763 Arbitrary File Overwrite

    AppXSvc 17763 suffers from an arbitrary file overwrite vulnerability.
  4. Product Key Explorer 4.2.0.0 Name Denial Of Service

    Product Key Explorer version 4.2.0.0 suffers from a Name denial of service vulnerability.
  5. Lenovo Power Management Driver Buffer Overflow

    Lenovo Power Management Driver suffers from a buffer overflow vulnerability.
  6. vBulletin 5.5.4 Remote Command Execution

    This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.
  7. DAViCal CalDAV Server 1.1.8 Reflective Cross Site Scripting

    DAViCal CalDAV Server versions 1.1.8 and below suffer from a reflective cross site scripting vulnerability.
  8. DAViCal CalDAV Server 1.1.8 Cross Site Request Forgery

    DAViCal CalDAV Server versions 1.1.8 and below suffer from a cross site request forgery vulnerability.
  9. DAViCal CalDAV Server 1.1.8 Persistent Cross Site Scripting

    DAViCal CalDAV Server versions 1.1.8 and below suffer from a persistent cross site scripting vulnerability.
  10. Apache Olingo OData 4.6.x XML Injection

    Apache Olingo OData versions 4.x.x through 4.6.x suffer from an XML external entity injection vulnerability.
  11. Inim Electronics Smartliving SmartLAN/G/SI 6.x Hard-Coded Credentials

    Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from a hard-coded credential vulnerability.
  12. Inim Electronics Smartliving SmartLAN/G/SI 6.x SSRF

    Inim Electronics Smartliving SmartLAN/G/SI versions 6.x and below suffer from an unauthenticated server-side request forgery vulnerability.
  13. Inim Electronics SmartLiving SmartLAN/G/SI 6.x Remote Root

    Inim Electronics SmartLiving SmartLAN/G/SI versions 6.x and below suffer from a remote root command execution vulnerability.
  14. WordPress Scoutnet Kalender 1.1.0 Cross Site Scripting

    WordPress Scoutnet Kalender plugin version 1.1.0 suffers from a cross site scripting vulnerability.
  15. Oracle Siebel Sales 8.1 Cross Site Scripting

    Oracle Siebel Sales version 8.1 suffers from a persistent cross site scripting vulnerability.
  16. Alcatel-Lucent Omnivista 8770 Remote Code Execution

    Alcatel-Lucent Omnivista 8770 suffers from a remote code execution vulnerability.
  17. Snipe-IT Open Source Asset Management 4.7.5 Cross Site Scripting

    Snipe-IT Open Source Asset Management version 4.7.5 suffers from a persistent cross site scripting vulnerability.
  18. PRO-7070 Hazir Profesyonel Web Sitesi 1.0 SQL Injection

    PRO-7070 Hazir Profesyonel Web Sitesi version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  19. SpotAuditor 5.3.2 Local Buffer Overflow

    SpotAuditor version 5.3.2 Base64 local buffer overflow SEH exploit.
  20. Microsoft Windows 10 UAC Bypass

    Proof of concept exploit that demonstrates a Microsoft Windows 10 UAC bypass for all executable files that have autoelevate set to true.
  21. Mozilla Firefox Windows 64-Bit Chain Exploit

    This is a full browser compromise exploit chain targeting Mozilla Firefox on Windows 64-bit. It uses CVE-2019-9810 to get code execution in both the content process and the parent process, and CVE-2019-11708 to trick the parent process into browsing to an arbitrary URL.
  22. OkayCMS 2.3.4 Remote Code Execution

    OkayCMS versions 2.3.4 and below suffer from a remote code execution vulnerability.
  23. SiteVision 4.x / 5.x Remote Code Execution

    SiteVision suffers from an issue where attackers may execute arbitrary code as root on the target server after gaining access to a low-privilege account. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.
  24. SiteVision 4.x / 5.x Insufficient Module Access Control

    SiteVision suffers from an issue where an attacker may inject a non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.
  25. Yachtcontrol 2019-10-06 Remote Code Execution

    Yachtcontrol versions dated 2019-10-06 suffer from an unauthenticated remote code execution vulnerability.