Prison Management System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
86134abe13930c15d9a0ec6d1f20f1dd3360b399fa96b4ae5b5821bcc9112abb
Multi Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.
32be0fec962b67faf38d315a9d6d5a0c83204e2e599b0319b92fa81fc435926a
Online Medicine Ordering System version 1.0 suffers from an ignored default credential vulnerability.
7090509e3ce57fb3261f901f4ff5ef2de114d829ff21d92d10a1d57a383ca778
Online Discussion Forum Site version 1.0 suffers from an ignored default credential vulnerability.
92cd4f5555edbdf20382fd693914227b5cc4481eea37c2551c0e35cb1a803e77
LMS ZAI version 6.3 suffers from an ignored default credential vulnerability.
5e906c00d1ca8a906265bb98c2236832d82d0f3cc3a33174259834d98e4ae184
Ingredient Stock Management System version 1.0 suffers from an ignored default credential vulnerability.
a4c31731e3961ba07b1da4ca7b7273990ac0156f6765916f333ed048fa56ce25
ChatBot Application with a Suggestion Feature version 1.0 suffers from an ignored default credential vulnerability.
ec18e52270e06fbce388ad46550cdd2965590cfdcc8d8666221231be7c95b7af
Bhojon restaurant management system version 2.7 suffers from an insecure direct object reference vulnerability.
4141a17578239f97e0525152779108e69e6941844f0e6c5f4301e3e30bcbacc0
SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.
7fed84c74a95aca63927ebf377895e9a07606b145886012809d45f932101a348
SLiMS CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
40690990f8e7a9d69ac2a7722849376b960091b3430423c391d36914318f58b7
StarTask CRM version 1.9 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6e2fd2cbf7c7bffe7c302d4b461bf6f489fbda9665b18dc56c36e3c574b89861
UBM CMS version 1.2 suffers from an insecure direct object reference vulnerability.
ca7cdb66f2dc41183a9aa7df2672ee5767e95408be450748fad9f7991aa97729
TAIF LMS version 5.8.0 suffers from a remote shell upload vulnerability.
ba349faa2be4ef714aa164c5655faad9e8a44e970f5e25e60f66cee08f658427
Vencorp version 2.1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
1efa85ad70e114a1d0f8dac25bda7b473b55d33338cbdef57caf77c451658123
Webdenim AppUI version 1.0 suffers from an insecure direct object reference vulnerability.
3418251e6b23a29fe38369d103a67d4c4c7e084f78a767a8b4660ce397493457
Perten Instruments Process Plus Software versions 1.11.6507.0 and below suffer from local file inclusion, hardcoded credential, and execution with unnecessary privilege vulnerabilities.
92c6be9a95dec36f75c305fd1ec54275736478e25459c036cab67f945826b0f2
LMS ZAI version 6.1 suffers from an ignored default credential vulnerability.
ac6f91ffe20c571e57ac0c8a6aef0c5437b2d37e5f53c46ef41059f24100b7db
Quick Job version 2.4 suffers from an insecure direct object reference vulnerability.
ed619defcb18f94880d7fdc150758b05fc052d89b88cf6c32eda99ac714a326b
PPDB ONLINE version 1.3 appears to suffer from an administrative page disclosure issue.
567512dc29f3191d46966af5a6dd1339474aa567f65e1c6564dccda43acadad3
PHP MaXiMuS version 2.5.2 suffers from a cross site scripting vulnerability.
f7f012f0611c7ac312b6b0ad3df48db019ad64a1683b0a0e3c97146f444edd95
NUKE SENTINEL version 2.5.2 suffers from a cross site scripting vulnerability.
04959e224e4d66c86926b38e058df306a652f0dbf3a13e5a864ba731b33ed47c
Minfotech CMS version 2.0 suffers from a remote SQL injection vulnerability.
c70371f0daa1616ffe4fc66938a433e31d91535c9593510fb4fccef1fdbc587e
eDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.
55a4eca00e7267d8d4d5cdd94c2b99447eef8059c06cab914a3401ebda7966f2
This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to directory traversal when processing zip files. Using the "restore configuration" feature to upload a zip file containing a path traversal entry, a DLL called ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll, causes the file C:\Windows\System32\wbem\wbemcomn.dll to be created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was located. A username is also required for signature authentication. A custom DLL can be provided to use in the exploit instead of the default MSF-generated one.
138c45447c1d3fa090b4666327e202412f377f34d7873c3c578299783f2b2a43
This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2. Some offset adjustments will probably be needed to make it work with other versions.
3e3f414d0ec3165e352b2624a3e784100a79ab838c827536fa557daa6cf4b2b8