This archive contains 166 exploits that were added to Packet Storm in October, 2015.
Python versions 3.4 and 3.5 suffer from a vulnerability caused by the behavior of the xmlparse_setattro() function. When called, the function uses the provided name argument in several conditional statements which assume that the name argument is a string. However, if a name argument is provided that is not a string, this logic will make several calls to PyUnicode_CompareWithASCIIString that expect a string, yet receive some other type of object, leading to a type confusion vulnerability.
Cisco's tools site suffered from multiple cross site scripting vulnerabilities.
Python 3.5 suffers from a vulnerability caused by the behavior of the time_strftime() function. When called, the function loops over the format string provided, using strchr to search for each instance of '%'. After finding a '%', it continues to search two characters ahead, assuming that each instance is the beginning of a well formed format string token. However, if a string ends with '%', this logic will result in a call to strchr that reads off the end of the format string buffer.
PHP Server Monitor version 3.1.1 suffers from a privilege escalation vulnerability.
PHP Server Monitor version 3.1.1 suffers from a cross site request forgery vulnerability.
eBay Magento CE versions 1.9.2.1 and below and eBay Magento EE versions 1.14.2.1 and below suffer from an XXE injection vulnerability.
Pligg CMS version 2.0.2 suffers from multiple remote SQL injection vulnerabilities.
Pligg CMS version 2.0.2 suffers from a directory traversal vulnerability.
Pligg CMS version 2.0.2 suffers from code execution and cross site request forgery vulnerabilities.
Python 3.5 suffers from a vulnerability caused by the behavior of the scan_eol() function. When called, the function gets a line from the buffer of a BytesIO object by searching for a newline character starting at the position in the buffer. However, if the position is set to a value that is larger than the buffer, this logic will result in a call to memchr that reads off the end of the buffer.
Code auditing discovered a Libstagefright integer overflow and heap corruption vulnerability in the Saio tag.
Libstagefright integer overflow checks can be bypassed with extended chunk lengths.
Oxwall version 1.7.4 suffers from a cross site request forgery vulnerability.
The Joomla JNews component suffers from a remote SQL injection vulnerability.
Mozilla's SETUP.exe suffers from a classic DLL injection vulnerability.
Serendipity version 2.0.2 suffers from a stored cross site scripting vulnerability.
The Samsung m2m1shot driver framework is used to provide hardware acceleration for certain media functions, such as JPEG decoding and scaling images. The driver endpoint (/dev/m2m1shot_jpeg) is accessible by the media server. The Samsung S6 Edge is a 64-bit device, so a compatibility layer is used to allow 32-bit processes to provide structures that are expected by the 64-bit driver. There is a stack buffer overflow in the compat ioctl for m2m1shot.
The Samsung Graphics 2D driver (/dev/fimg2d) is accessible by unprivileged users/applications. It was found that the ioctl implementation for this driver contains a locking error which can lead to memory errors (such as use-after-free) due to a race condition.
The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. It was found that this action required no permissions to call, and could lead to an unprivileged application gaining access to email content.
A path traversal vulnerability was found in the WifiHs20UtilityService. This service runs on the Samsung S6 Edge and may be present on other Samsung device models. WifiHs20UtilityService reads any file placed at /sdcard/Download/cred.zip and unzips it into /data/bundle. Directory traversal in the paths of the zipped contents allows an attacker to write a controlled file to an arbitrary path as the system user.
Joomla remote SQL injection mass exploitation tool that affects versions 3.2 through 3.44.
This Metasploit module writes to the sudoers file without root access by exploiting rsh and malloc log files. It makes sudo require no password, giving access to su even if root is disabled. It works on OS X 10.9.5 to 10.10.5 (patched on 10.11).
This Metasploit module exploits Th3 MMA mma.php Backdoor which allows an arbitrary file upload that leads to arbitrary code execution. This backdoor also echoes the Linux kernel version or operating system version because of the php_uname() function.
articleFR version 3.0.l7 suffers from an arbitrary file read vulnerability.