This archive contains all of the 159 exploits added to Packet Storm in February, 2022.
c5a335ca98f983dd4a352b4d6bcfb1d53435b53de1f0eaa23926a056e7ae3e20A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out of bounds write operation, eventually leading to privilege escalation. This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause is is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to function on a wider range of Windows 10 targets.
9902434a58e36c7838c71ee860592d8624368fc1b380cf4c9ccf530f09895fd2This Metasploit module exploits the "Apps" feature in Axis IP cameras. The feature allows third party developers to upload and execute eap applications on the device. The system does not validate the application comes from a trusted source, so a malicious attacker can upload and execute arbitrary code. The issue has no CVE, although the technique was made public in 2018. This module uploads and executes stageless meterpreter as root. Uploading the application requires valid credentials. The default administrator credentials used to be root:root but newer firmware versions force users to provide a new password for the root user. The module was tested on an Axis M3044-V using the latest firmware (9.80.3.8: December 2021). All modules that support the "Apps" feature are presumed to be vulnerable.
3b946c3c32ffbe1237309479a6f3fbc02ff1259e17c42ed2ee33315e97a2b97eThis Metasploit module exploits an unauthenticated command injection in a variety of Hikvision IP cameras (CVE-2021-36260). The module inserts a command into an XML payload used with an HTTP PUT request sent to the /SDK/webLanguage endpoint, resulting in command execution as the root user. This module specifically attempts to exploit the blind variant of the attack. The module was successfully tested against an HWI-B120-D/W using firmware V5.5.101 build 200408. It was also tested against an unaffected DS-2CD2142FWD-I using firmware V5.5.0 build 170725. Please see the Hikvision advisory for a full list of affected products.
7bd3dd72f17285cba701691f5d8795c84e79f211db3e6ea8a840141f658935a5Casdoor version 1.13.0 suffers from a remote SQL injection vulnerability.
93062cdead6d8c30acd5f911a8c586515a0dee480dc4c1ced674d065a997669bCipi Control Panel version 3.1.15 suffers from a cross site scripting vulnerability.
868be8a473f07ef8b17ba1fb7a561625c3b8913ea800d024beeb177f822e4165WAGO 750-8212 PFC200 G2 2ETH RS suffers from a privilege escalation vulnerability.
be01109a1136b5015b1371e991c44772c948affadfbeb6d826fffcd6d452fad3Cobian Backup Gravity version 11.2.0.582 suffers from an unquoted service path vulnerability.
64e3a74be268225c622d589847ccf65815d277873fde892561818f6632661f33Cobian Backup 11 Gravity version 11.2.0.582 suffers from a denial of service vulnerability.
7cc796f5d2b9ff46619e6c2311da217d3c4465a40bc7151cf9164d8b4ee7cfefCobian Reflector version 0.9.93 RC1 suffers from a denial of service vulnerability.
06a66f18fc87a716d53e8170ada3441809054f1c9b46c353c76ccff80db6f707This Metasploit module allows remote attackers to execute arbitrary code on Exchange Server 2019 CU10 prior to Security Update 3, Exchange Server 2019 CU11 prior to Security Update 2, Exchange Server 2016 CU21 prior to Security Update 3, and Exchange Server 2016 CU22 prior to Security Update 2. Note that authentication is required to exploit this vulnerability. The specific flaw exists due to the fact that the deny list for the ChainedSerializationBinder had a typo whereby an entry was typo'd as System.Security.ClaimsPrincipal instead of the proper value of System.Security.Claims.ClaimsPrincipal. By leveraging this vulnerability, attacks can bypass the ChainedSerializationBinder's deserialization deny list and execute code as NT AUTHORITY\SYSTEM. Tested against Exchange Server 2019 CU11 SU0 on Windows Server 2019, and Exchange Server 2016 CU22 SU0 on Windows Server 2016.
12eb99965a3f9b7bfde5c2c3d85628bf4f85bbe42475b654e2c35b7e33a8ccaaBank Management System version 1.0 suffers from a remote SQL injection vulnerability.
bb3fa2ada8dbb10e11f109d1e2eac74158f420d5db6279f49d675faf7e0c1040WordPress Photoswipe Masonry Gallery plugin version 1.2.14 suffers from a persistent cross site scripting vulnerability.
15996cc31605f93925a67eef5bab187429b2569dcdbb41553596502d78575f90Technitium Installer version 4.4 suffers from a dll hijacking vulnerability.
0e6484ed861f014968126a0f09091025cbefed6941d943a6fd29af9e7f51a890Dahua ToolBox version 1.010.0000000.0 suffers from a dll hijacking vulnerability.
13b6d80a27771213e1631636b6d01816a483271a35a812cf8beee915dd96e152Simple Mobile Comparison Website version 1.0 suffers from a remote SQL injection vulnerability.
695bf39dcd0d3744026fcb148bfc24bfa5cf5578621d80e3431287638536eca1Wondershare MirrorGo version 2.0.11.346 suffers from an insecure permissions vulnerability.
7c357903c71131608d611e554bd946d3f3f155a0d469502402e051e43742df02Backdoor.Win32.FTP.Ics malware suffers from an unauthenticated remote command execution vulnerability.
d9368ccc4a8fd4b5f3dda854e222ebc5ae5dc10045a57dd412c86583e418931cMicroweber CMS version 1.2.10 has a backup functionality that enables a local file inclusion vulnerability.
6142d8811062699f8f87ae6d18474182b73f39fe90ed87e4773e25f514102aa5Backdoor.Win32.FTP.Ics malware suffers from bypass and code execution vulnerabilities.
8228632ae6332bee91062ec6bf5f7866a70d1113d3701d1e68e3e13b0578ea43WebHMI version 4.1.1 suffers from an authenticated remote code execution vulnerability.
9ec2ea072428767210d471852bd4785bd1f9aab93fa6e35bbeb57de5af3141b1WebHMI version 4.1 suffers from a persistent cross site scripting vulnerability.
9a79ffd78086ac8526640817df8e0ee76209ca17e8ee700783f07c504cba1374Backdoor.Win32.FTP.Ics malware suffers from a man-in-the-middle vulnerability.
21776512323292d9d0b158b95e2fe53f5c45b4917e6c7fe28bef3e2db14366fcaaPanel version 6.8.21 suffers from a directory traversal vulnerability.
838b61a813c16c65297d3d287ef9a25859063ba41febc4861bb94ac896d0ba99Adobe ColdFusion version 11.0.03.292866 suffers from an LDAP Java object deserialization remote code execution vulnerability.
9d45f7b3775110c52e0ff7ea7328e525f75a0d7067c029a47386e51894bfa08f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed