Comprehensive archive of all 1,384 exploits added to Packet Storm in 2022.
7069a71c7743b7760efed9863e55ff54a9c668bbf6140d6eb8bf16981206280e
This archive contains all 82 exploits added to Packet Storm in December 2022.
4c02657bd2bdfd6a09e83b0828804767c3a0d6e9f7adf724bc4f3e2b425611d9
SugarCRM versions up to 12.2.0 suffer from a remote shell upload vulnerability.
74cace1b6e9afc52d16c5afdcecc42e3abd20dc7f1ccb5629f3f64b72179e905
BDWeb-Link LMS version 1.11.5 suffers from a remote SQL injection vulnerability.
e35409b94c20ac1bcd1245d4197dc3ba55e45af59eec68fb48a654bc918974f4
Hughes Satellite Router contains a cross-frame scripting via remote file inclusion vulnerability that may be exploited by malicious users to compromise an affected system. This vulnerability may allow an unauthenticated malicious user to misuse frames, include JS/HTML code, and steal sensitive information from legitimate users of the application. Affected versions include HX200 8.3.1.14, HX90 6.11.0.5, HX50L 6.10.0.18, HN9460 8.2.0.48, and HN7000S 6.9.0.37.
01732a937c344613efd7c1ef744f546511c874deecd845ef0ca2d232baf0e177
The ProLink PRS1841 home router suffers from having a backdoor account.
3b3f62ff4e1b4590c8305809b96ee38b5562205c50d53c76fe183bb2b9098cc5
Enlightenment version 0.25.3 suffers from a local privilege escalation vulnerability.
e93489fd26e004d0d8880e5321f8ef4bf09f86a9c280083061f1af59051648cf
Courier Deprixa version 2.5 has been reported as having a default backdoor account.
3a121fed1fd3a0fe5e54d808739af402717fe948c5337a2d8d57899e47052bd6
Consultine Consulting Business and Finance Website CMS version 1.8 has been reported as having a default backdoor account.
b01ff83e9023892637ef4b2ca2dc55c76008f96e63ddf7c00f0eff741fd7f0d6
Car Dealer Pro version 2.01 has been reported as having a default backdoor account.
45070a286856c5480a1c62319dc30408713e7974d5b858a58996f94c6ecfb61f
Botble version 5.28.3 has been reported as having a default backdoor account.
9019ea1efb9719d19fc427dcd03b1617a9e0de63cac0a7371971e4c48ffb951d
Active Ecommerce CMS version 6.4.0 has been reported as having a default backdoor account.
ea72e7900caac2445ffc46c8240e581257d6110735dbf3603c06d5ae8f70953d
Student Attendance Management System version 1.0 from Erick O. Omundi suffers from multiple remote SQL injection vulnerabilities.
62ef7d730378e8b973e75259554b08cbf8e3e7b8cc4d125c4c7eb687d7f04bef
The ProLink PRS1841 home router suffers from having a backdoor account.
466a821fd095cb459000dd568367e6da0699862ec141e5a07fa26f40fc62dad7
This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the API. If the version is 2.4.0 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the yrange parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.3.0.
7183104f20371379d7bbd3538dcce42a94117e14b0bb74805ced99f7bd85603f
WordPress Yith WooCommerce Gift Cards Premium plugin versions 3.19.0 and below suffer from a remote shell upload vulnerability.
dcd88dd9c8059a2065d4797ada28efaa82a7e64b25ece681f77bf1889891ddf7
Stock Management System 2022 version 1.0 from Erick Cesar suffers from a remote SQL injection vulnerability.
ade07070843b1cd49c2828f05194f05b9d998ceca6cfae3ab368b539941ee210
Eclipse Business Intelligence Reporting Tool versions 4.11.0 and below suffer from a bypass vulnerability that allows for remote code execution.
c55f3454bd72ca20861da343024e58d83bdc1baa9d2abb5c622862d863e3caba
4images version 1.9 suffers from a remote command execution vulnerability.
d876d4e5b40a274d6db099e265423f9f96e10557a0bc7523e13fbd5618f59557
Senayan Library Management System version 9.2.2 suffers from a remote SQL injection vulnerability.
f7af79d3509654f87f10d70fc14489158f0fc5d15b14e68a07b6dd84284beddc
Senayan Library Management System version 9.2.2 suffers from a cross-site scripting vulnerability.
a42daddc99b237f0c25b45125b6a24724c3ae758e992662f9b72df6367cb74ba
Senayan Library Management System version 9.2.1 suffers from a remote SQL injection vulnerability.
b43d3ea700614ca6285fd7b06f551847d8afe67fa791d4885c4d4cf5d2c3569b
Senayan Library Management System version 9.2.1 suffers from a cross-site scripting vulnerability.
9096fc4667100a2d7dd34f901fff65d80f85d89e850661246005a61e8b88131d
Senayan Library Management System version 9.2.0 suffers from a remote SQL injection vulnerability.
da69dbdf49f98e004ab6d4ab943f10ed822f8397cd0adce8ec1fcabf65d49097
Senayan Library Management System version 9.2.0 suffers from a cross-site scripting vulnerability.
bbf79dfa3db00a917bf18658500d9b897202f962e2ffc3cfe435902cea4be74e