This archive contains all of the 167 exploits added to Packet Storm in January, 2022.
59424b5985270be954c39ce70a7b75882e806ee381f7b65bb3be2aacbd31cd2bMoxa TN-5900 versions 3.1 and below suffer from an issue where a user who has authenticated to the management web application is able to leverage a command injection vulnerability in the p12 processing code of the certificate management function web_CERMGMTUpload.
35bd8ec3c5b38937aa9d5775e8ed2feaacd3dfed7c92d6ae96cb03bf16903bcbMoxa TN-5900 versions 3.1.0 and below use an insecure method to validate firmware updates. A malicious user with access to the management interface can upload arbitrary code in a crafted
2ac55dc0e94a52eae63ae9272eda3788cbe1002c37fa22d4db10498c8ab74404Backdoor.Win32.Tiny.c malware suffers from a code execution vulnerability.
35a3c52d44324e3f4cf2499f3c66332921189c063621280452bfaba99d06ed98HackTool.Win32.Muzzer.a malware suffers from a buffer overflow vulnerability.
54fcf39b94915d80d49f91a92a28c62be7c5742060e8f0336bbc7ddb4d902acaFetch Softworks Fetch FTP Client version 5.8 suffers from a remote CPU consumption denial of service vulnerability.
39661448198dd708a96b67957a59b551619e612105aace960d22e309d08ca49dWordPress RegistrationMagic V plugin versions 5.0.1.5 and below suffer from a remote SQL injection vulnerability.
fc704ca5ead8ef607cb727b84f02e144261f21080490cda78592accedd147834WordPress Modern Events Calendar plugin versions 6.1 and below suffer from an unauthenticated remote SQL injection vulnerability.
2a932ef31add8a8654da477a713636c2c7a4dce620d21c2f35410be6a9281339PolicyKit-1 version 0.105-31 pkexec local privilege escalation exploit.
e763628c9543e4357ba4d5a9b7e1c341b905fc2157029c0da5fa8c50dd7a3baeOracle WebLogic Server suffers from a local file inclusion vulnerability. Versions affected include 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
201c7442b864057fc71cc40d8602d6406f7fb6b3d115cde62d9c902068b08cfaWordPress Mortgage Calculators WP plugin version 1.52 suffers from a persistent cross site scripting vulnerability.
474818bddeab1021d506b44b90761fa069e2d2dfb5abcb6e7835d3b35aa365eeThis archive contains demo exploits for CVE-2022-0185. There are two versions here. The non-kctf version (fuse version) specifically targets Ubuntu with kernel version 5.11.0-44. It does not directly return a root shell, but makes /bin/bash suid, which will lead to trivial privilege escalation. Adjusting the single_start and modprobe_path offsets should allow it to work on most other Ubuntu versions that have kernel version 5.7 or higher; for versions between 5.1 and 5.7, the spray will need to be improved as in the kctf version. The exploitation strategy relies on FUSE and SYSVIPC elastic objects to achieve arbitrary write. The kctf version achieves code execution as the root user in the root namespace, but has at most 50% reliability - it is targeted towards Kubernetes 1.22 (1.22.3-gke.700). This exploitation strategy relies on pipes and SYSVIPC elastic objects to trigger a stack pivot and execute a ROP chain in kernelspace.
8f9e0a3bd934c75bb63bb75c98368d05ec18006a64e52a0bc3f9ae155f0b72c1Local privilege escalation exploit for a Linux kernel slab out-of-bounds write vulnerability. This exploit has been tested in an Ubuntu 21.04 Hirsute with kernel 5.11.0.
46970cc27a7bf55e660be14e1e0975df3058aefb276d3341c8fb2e841fe683c9Local privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034 and known as PwnKit. Written in Go.
55be64db4ee1fc4cb9ff1188b66c70af217b5dc74fb821becc08afd02c1fcfb7Local privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034. Verified on Debian 10 and CentOS 7. Written in C.
5c59fb8b51079e3f956e9fcbe1974b3cbb587b1887064897119332a9ecf3f86aBackdoor.Win32.WinShell.50 malware suffers from a weak hardcoded password vulnerability.
374ae6f411437c6fa9b4bd0fa17ceb62f4d56867595083dfbe6aa80e472c8192Local privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034 and known as PwnKit.
12d83236acbffaf0f0962a4bba1234b4a0a9221ec6681b9ef274c6a8a414398cThis Metasploit module exploits an unauthenticated SQL injection vulnerability and a command injection vulnerability affecting the Grandstream UCM62xx IP PBX series of devices. The vulnerabilities allow an unauthenticated remote attacker to execute commands as root.
4066544895b5150487b562aeb10cbead4ed40ccc1b2880b31c05f426293dbef2Ethercreative Logs plugin versions 3.0.3 and below for Craft CMS suffer from a path traversal vulnerability.
87f572c315e9b125698a490498f1baf715e21bedd53fb3675102015ce8c2e3baCosaNostra Builder WebPanel malware suffers from a cross site request forgery vulnerability.
ec4fcd3bb27459e79c9e2f4ec1eb45d3e4579f658838791c68981192a5cb2575uBidAuction version 2.0.1 suffers from a cross site scripting vulnerability.
a1f0a79b34e97ab696164e8135f25f2980a0c68d864191821a9fba8dd5352cf1Land Software's FAUST iServer versions 9.0.017.017.1-3 through 9.0.018.018.4 suffer from a local file inclusion vulnerability.
1940c0374c57a3ce5c29fb1b1586c473fe48cd03993e507d365564b0b210c462CosaNostra Builder WebPanel malware only uses straight MD5 to store passwords without any salt.
a1cb43b8fdf7fe4d67d73fbe81a9a875b8bc704f025788ffea568a290c5775f1Xerox Versalink printers suffer from a remote denial of service vulnerability using a specially crafted TIFF payload.
c5ca25038e516f362471c55d2acef950d200acca71cb6d5265ab1c2ea3227c3bCosaNostra Builder malware suffers from an insecure permissions vulnerability.
6ac2d987dd89e8d52954e26a83c2885d18e6c66d1f4376b26089db79e278495b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed