This archive contains all of the 159 exploits added to Packet Storm in August, 2019.
3dd8a39fc216f8df95e0ace7c9b1a9f4bbddd8c72944bec14883692d00f677ab
Cisco (Titsco) Email Security Appliance (IronPort) C160 suffers from a host header injection vulnerability.
c39dc4b54f558e9618390cbfce70fd7a8832ce9236eb26d340893aaede098891
Confluence Server versions 6.1.0 up to 6.6.16, 6.7.0 up to 6.13.7, and 6.14.0 up to 6.15.8 suffer from a file disclosure vulnerability.
63bb40486cc6b4b0d9ad286552ee4301273147e9803d97e67d4568a9f4d18289
Ping Identity Agentless Integration Kit versions prior to 1.5 suffer from a cross site scripting vulnerability.
9c150c77a9bce6accc3723843ec65700cdd8208915df10e20c19c5f97162c324
Zyxel USG/UAG/ATP/VPN/NXC series suffer from an issue where a DNS request can be made by an unauthenticated attacker to either spam a DNS service of a third party with requests that have a spoofed origin or probe whether domain names are present on the internal network behind the firewall.
d1f54ec01ba5b00cfa34a2d4469ebf60d85f134038071b4ccda0eb845965f314
An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the network by fetching the credentials from the FTP server.
d8f9966f1cf6cfdad043939000c11dc5d57af44b55eeecde1c7d7957838c81b4
DomainMod versions 4.13 and below suffer from a cross site scripting vulnerability.
9a77f200dfd9284cde8bc12162d2ecae0bf890cf467a7745345eb70d55467bb6
Sentrifugo version 3.2 suffers from a persistent cross site scripting vulnerability.
8dea7b371326fb8468052218e1872aad7430951da5e6046ca8028361288c698b
Sentrifugo version 3.2 suffers from a file upload restriction bypass vulnerability.
b2ddc21cc34e199f03eedef6284b088fa2d72d49ab537de7e5b2543954cdb82f
Canon PRINT version 2.5.5 suffers from a content provider URI injection vulnerability.
dcee22bdc054fa25db75dc967498a61dd74c7c4e8473502f78c6cd765b702afe
VX Search Enterprise version 10.4.16 suffers from a User-Agent denial of service vulnerability.
60b99a7d14ce76ff859d716709231c8d1f25d64cb75f0399d5946a59cedde6f0
WordPress WooCommerce Product Feed plugin versions 2.2.18 and below suffer from a cross site scripting vulnerability.
7ee650f72feb594831ea81668b440c5432a38be763e03140bfab5492b60b0070
YouPHPTube version 7.4 suffers from a remote code execution vulnerability.
c852da415cdb99461bf905a3cb99585852af22f48fff8fe570f06294bdb68d86
Easy MP3 Downloader version 4.7.8.8 suffers from a denial of service vulnerability.
671ab08abaabae5d4f64ce0841a94831e10eaa969212276ba7a2338810f61664
SQL Server Password Changer version 1.90 suffers from a denial of service vulnerability.
bbc27cbf7d71b466a23989a55d074b52453f4374b992b76b635867bdad570c3c
Asus Precision TouchPad version 11.0.0.25 suffers from denial of service and privilege escalation via pool overflow vulnerabilities.
781fa5fb4c090fbf82b363a4a66c005d97b1e04a7867c3bca917aeebee30c6fa
This Python script mints a .ps file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell.
c030abc642a4fc06451a399c9721d06640d3154f8771ff2127c3bd516db33192
QEMU suffers from a denial of service vulnerability.
a7ace3948d40801e615564c65a1588dd104cf00c12897845832d6f387b26efdf
PilusCart versions 1.4.1 and below suffer from a file disclosure vulnerability.
f8908a36266e411cbdc113acc916de9d269db31ab793db6595c6e0bbb98e674b
Jobberbase version 2.0 suffers from a remote SQL injection vulnerability.
2b83d68859013bc6ed71c264b4a1f6e1105169783e4a3c067eb12b60f7b8572a
WebKit JSC JIT suffers from an uninitialized variable access vulnerability in ArgumentsEliminationPhase::transform.
13d8e2202cdebf7ff53e2e5906bdd6ba343e47a89003e53597579db4cb95bcdc
Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data suffer from default password, authentication bypass, and command injection vulnerabilities.
38e7a01258bfec09b0882ac7dbf7cd123357ef8737f810d17b3e0ebf1d0c844e
Joomla version 2.5.28 with JomEstate component version 4.1 suffers from a remote SQL injection vulnerability.
61ab3acfecdebfd920fbaa36e2d768af550632f8eb37ce45974f6442d0ab958a
Joomla version 1.0.15 with Easy GuestBook component version 1.0 suffers from a remote SQL injection vulnerability.
e34ccc99cb63a7ae6256b9dfe2a8b822378741f20fa917534a05320da115dcc5
Outlook Password Recovery version 2.10 suffers from a denial of service vulnerability.
7def290697853aa29553f64be36b153e6a61f20c1e3faa6cdc4d1064a5f9eb71