In Webmin version 1.984, any authenticated low-privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading files from remote URLs…
All FLIR AX8 thermal sensor camera versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as…
In Apache CouchDB versions prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.
This archive contains all of the 88 exploits added to Packet Storm in October, 2022.
https://www.dwf-lampang.go.th/fine.html notified by /Rayzky_
Ecommerce CodeIgniter Bootstrap version 1.0 suffers from a cross-site scripting vulnerability.
In wolfSSL versions prior to 5.5.1, malicious clients can cause a buffer overflow during a resumed TLS 1.3 handshake. If an attacker resumes a previous TLS session by sending a…
Train Scheduler App version 1.0 suffers from an insecure direct object reference vulnerability.
Simple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability.
The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.