This archive contains all of the 180 exploits added to Packet Storm in November, 2019.
>> CATEGORY: exploit
SALTO ProAccess SPACE versions 5.5 and below suffer from path traversal, arbitrary file write, persistent cross site scripting, privilege escalation, and clear text transmission of sensitive data vulnerabilities.
Allied Telesis AT-GS950/8 up until firmware AT-S107 version 1.1.3 [1.00.047] suffers from a directory traversal vulnerability.
NAPC Xinet (interface) Elegant 6 Asset Library version 6.1.655 allows pre-authentication error-based SQL injection via the /elegant6/login LoginForm[username] field when double quotes are used.
Microsoft Excel 2016 version 1901 suffers from an XML external entity injection vulnerability.
Max Secure Anti Virus Plus version 19.0.4.020 suffers from an insecure permission vulnerability.
Carlo Gavazzi SmartHouse version 6.5.33 suffers from cross site request forgery along with both reflective and persistent cross site scripting vulnerabilities.
WordPress version 5.3 suffers from a username enumeration vulnerability.
TexasSoft CyberPlanet version 6.4.131 suffers from a CCSrvProxy unquoted service path vulnerability.
GHIA CamIP version 1.2 for iOS suffers from a denial of service vulnerability.