This archive contains all of the 210 exploits added to Packet Storm in November, 2018.
628457ff65af9fb3debf826a32c79f4c0f5b18cb40950253854f779c802a6507
This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Spark in standalone cluster mode through the REST API. It uses the function CreateSubmissionRequest to submit a malicious Java class and triggers it.
116bdb53e7d35e2318c64aa8641d121ced48eb91bde9f964beb39633e269de98
Siglent Technologies SDS 1202X-E Digital Oscilloscope version 5.1.3.13 suffers from multiple security vulnerabilities including hardcoded backdoor accounts, missing authentication, and more.
9c2308d462e08188151b5811bf316c27b479ee4b0ffda09667d3a3e6d83074a1
Tarantella Enterprise versions prior to 3.11 suffer from an access control bypass vulnerability.
59d4ebbbea05011ff88766420702f8c2dafb0908c02498e7d43b760d1ce3aa40
Tarantella Enterprise versions prior to 3.11 suffer from a directory traversal vulnerability.
1faac68fc7546fad92fea083e6fe9d139ab5f2586fd75dc9512567d04e89bf3c
The fix Ubuntu applied to address the Ghostscript vulnerability identified in CVE-2018-16510 appears to be insufficient.
0ac0bf39a81253812182b1698273af4235df1fa484a59f5032b8a187be3fe340
There is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied.
787b477ccfcf4e5ec10751b188d5bc87141748ffcd37526a29a5654c900f7593
WebKit JSC has an issue where BytecodeGenerator::hoistSloppyModeFunctionIfNecessary does not invalidate the ForInContext object.
2751e0f6a8f902aff80fed20940889e7b425689a3222eb806fc6878759565dbc
There is a use-after-free vulnerability in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied. The included proof of concept possibly triggers two vulnerabilities.
4d368e653a42596f0318f358cc51225567ac7ae3f445045de8e6e98d697a4007
WebKit JIT has type confusion bugs in ByteCodeParser::handleIntrinsicCall.
80230144bdea861cdd786d198f4417655144fdae813a68d336ee57b1a9cea2fd
When a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning and used to store information about the input object to the for-in loop. Inside the loop, the structure ID of the "this" object of every get_by_id expression that takes the loop variable as the index is compared to the cached structure ID from the JSPropertyNameEnumerator object. If they are the same, the "this" object of the get_by_id expression is considered to have the same structure as the input object to the for-in loop. The problem is that nothing prevents the structure from which the cached structure ID was taken from being freed. As structure IDs can be reused after their owners are freed, this can lead to type confusion.
8f4f4959d722f37276fc6cd1ba9725d214fa2d1eafa97af721346d7487bda487
Moxa NPort W2x50A products with firmware version 2.1 Build_17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities.
0f86dde8e1c44108d2214acb30772974903fb5e2efa4f23d272a62cd0ca53b09
knc (Kerberised NetCat) versions before 1.11-1 are vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another service running on the targeted host. Proof of concept included.
5f21249af2b570413ccedbc2d38d69f7569143fd0ffd8e6431e4db2f29a7fb53
WordPress Events Calendar Premium plugin version 1.0 suffers from a database disclosure vulnerability.
383704f897617826c4fdc3af390d64e0b37907bf08dcf05be37a493b309db2f8
WordPress WP Complete Backup plugin version 3.0.5 suffers from a database backup disclosure vulnerability.
92c09b8545a80266ce8ccfa5cf484366783c4ebfe56b74dc62f2ba6e956cb5ec
WordPress Jazzy Forms plugin version 1.1.1 suffers from a database backup disclosure vulnerability.
9403666c8c643458d61b39b4df10497e4a2119781f40ecb04bbf328215296db3
WordPress pm_market plugin version 1.0 suffers from a database backup disclosure vulnerability.
49057b9856f52e7c1326bb6a40eec2adce2781ea4cc9af44a1dd3056fcc88fb0
WordPress wawp_framework plugin version 1.0 suffers from a database backup disclosure vulnerability.
8fbdbecfa3686c56da6732ca409952493ea81d7d040d9afd264b3e20d92f888b
WordPress Delme plugin version 3.0 suffers from a database backup disclosure vulnerability.
cdf0038016909bdc9fbbb6b0131d33c91251f0f21c5d2c20ada0f2c1d6a2a0d1
WordPress user-spam-remover plugin version 1.0 suffers from a database backup disclosure vulnerability.
545976aab87512242d5f58cedab4af05cef9bd274b86805b2ce96fac81605ad9
WordPress hwm_board plugin version 1.0 suffers from an arbitrary database download vulnerability.
92b1425f6c23ab281b94eb21d5263e062608fbbdc2a35ca2c23fdcc9108ea18c
WordPress uploadingdownloading-non-latin-filename plugin version 1.1.5 suffers from an arbitrary file download vulnerability.
53d7a94a9e18f3b4caddffdf4610c695553544082472c38337520f6df805ee5e
WordPress sermon-shortcodes plugin version 1.0 suffers from an arbitrary file download vulnerability.
219e65b364ab6c17799bc19d5963a1260774c9cf1f4e1d23c741dfdb9ef8ff14
WordPress allow-l10n-upload-filename plugin version 1.0 suffers from an arbitrary file download vulnerability.
ec3365bc1a665d76c716098268b6ade37ed13bab4bfe312cbba37e0708d626fd
Joomla Event Booking component version 3.8.3 suffers from a database backup disclosure vulnerability.
9acbedfbb61ff2ca14e2453561fdf51bad8d74534c4e7896822e5b073624529d