Proof of concept exploit that uses a use-after-free vulnerability due to a race condition in MIDI devices in Linux Kernel version 5.6.13.
5772575942e33bf0bb3f88209aeb358c538c5851a59e7ed25e4a63653b6b7cda
This article provides an in-depth analysis of two kernel vulnerabilities within the Mali GPU, reachable from the default application sandbox, which the researcher independently identified and reported to Google. It includes a kernel exploit that achieves arbitrary kernel r/w capabilities. Consequently, it disables SELinux and elevates privileges to root on Google Pixel 7 and 8 Pro models.
ef155a55cc982cf4afc865e723a64f73dd992184a6af2b3f6fd8a54318748977
Backdoor.Win32.Symmi.qua malware suffers from a buffer overflow vulnerability.
0bc924461f903a4b4b69a0e094001ae59f6aed7881aa5a2aff5dfa55c34905b6
HackTool.Win32.Freezer.br (WinSpy) malware suffers from an insecure credential storage vulnerability.
574e327046bc7ed7b91b795a2eebcc7e87a001021d334845c357d1bc082517f0
Backdoor.Win32.Optix.02.b malware suffers from a hardcoded credential vulnerability.
8c8ad33e111ebd91632229baa25c24e2eb3101bf3951d070074c5b4618e78fcf
Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) malware suffers from a code execution vulnerability.
efd34490081822962a9907289feb284b29b116cd83a6df573fe5cae3f6d09fb1
Backdoor.Win32.PoisonIvy.ymw malware suffers from an insecure credential storage vulnerability.
2a0b97e3b01f0c3a9c85e1a96ede18240c61b21ee538261305346eec34828cd5
Online Travel Agency System version 1.0 suffers from a remote shell upload vulnerability.
e1c910902237872a9a7ebb40f19760f24f84f89e4b7e66a2979867c3d7860ef2
Tourism Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
db170b3ac31a17248bfa19e67220ae00449f12c6e02e1fc5d27c5fcdf490b79a
Tenant courier management version 1.0 suffers from an ignored default credential vulnerability.
e5bc487016d175a441c7e77bd92498997edbbd879dd65cd842a7fdf9320ae77f
Supply Chain Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
e470a8736045692eb5cfaa7bc4e77aaa4cc7c9beb8b335abd16a1b89d107b75e
Student Result Management System version 2.0 suffers from an insecure direct object reference vulnerability.
bda5efeeb9ed25bc54c10734b12e890e9b254852bf233042b1f26d7328107bff
Student Record System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
65197edb9fa8815555185ffcfdef263bccbd753949a90ec711337f13c2e0c060
Student Attendance Management System version 1.0 suffers from an arbitrary file upload vulnerability.
8301589003c010f20ac529eb42cbb71ab3534415a910f9e4049f5a4439af953d
Online Course Registration version 1.0 suffers from a remote blind SQL injection vulnerability.
33f34004d037922833768a63f88ac2eafd52901b044b79be249240c957b80608
Texas Instruments Fusion Digital Power Designer version 7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials.
7d2282798e3247a2123a5993d7d6d2cb77a3755e9e0270c916b57856fbfaf0ef
Taskhub version 2.8.8 suffers from an ignored default credential vulnerability.
2c385d7b29ff2d1f0cadb673bff0447f2a27c839cc502710002b3eab58740544
Webpay E-Commerce version 1.0 suffers from a remote SQL injection vulnerability.
aab9cd23f27d0b380a30652d38f6b7294616ac5ba2a2caacad04babc8614cba6
SPIP version 4.2.9 suffers from a code execution vulnerability.
d4ed25b80a6fdd5de7edecd14eb96fe799d3bf844e756b0284c009a504280356
Online Traffic Offense version 1.0 suffers from a cross site request forgery vulnerability.
94fe5b823b710c5c6f181d6f318ef1740f7740edaddc57380ec3b9edff783886
Penglead version 2.0 suffers from a cross site scripting vulnerability.
4803b54886f3d92678ccb96aae5fd9a82832e85074cee13728faeb8279e61357
PPDB version 2.4-update 6118-1 suffers from a cross site request forgery vulnerability.
f9a7acddf2a8e87d760a0885cc5283d0764737fcf83a7d69b6cba9d514a0bf6e
Online Travel Agency System version 1.0 suffers from an arbitrary file upload vulnerability.
5d679af79681b3230bebbb01358d179220b220e1d69d8bcf6fa3c2dfc830be0f
This archive contains all of the 722 exploits added to Packet Storm in August, 2024. Please note the increase in size for this month is due to a massive backlog of older exploits being added to the archive and is not representative of an uptick in new issues being discovered.
134571b730367a368bd78e19cc2729522241ac88f947a572cd37314d9f37a24f
Zero day remote root exploit for IntelliNet version 2.0. It affects multiple devices of AES Corp and Siemens. The exploit provides a remote shell and escalates your permissions to full root permissions by abusing exec_suid. No authentication needed at all, neither any interaction from the victim. The firmware affected by this exploit runs on fire alarms, burglar sensors and environmental devices, all on the internet, all vulnerable, no patch. Full control over hardware and software with no restrictions, you can manipulate battery voltage and even damage the hardware with unknown outcomes.
03f6a27dff52d1325441a14044dae92e43735378844d284aa4a56aa28a72abe1