This archive contains all of the 150 exploits added to Packet Storm in April, 2022.
308c93a4119d3e38af49bcea7afd2162357abf8f1f8689ed16e0b2bc4aa0de4e
Home Clean Service System version 1.0 suffers from a remote SQL injection vulnerability.
713a953a97cc2b254906ef14b96aecd818ac74f87d3c6e66fe86d43c4f287826
This Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. On a typical Redis deployment (not Docker), this module achieves execution as the redis user. Debian/Ubuntu packages run Redis using systemd with the "MemoryDenyWriteExecute" permission, which limits some of what an attacker can do. For example, staged meterpreter will fail when attempting to use mprotect. As such, stageless meterpreter is the preferred payload. Redis can be configured with or without authentication. This module will work with either configuration (provided you supply the correct authentication details). This vulnerability could theoretically be exploited across a few architectures: i386, arm, ppc, etc. However, the module only supports x86_64, which is likely to be the most popular version.
25990c6dc1f07a86ea2e834b9c66c011d9af3d483f0592ec3011de6f791bfa0a
Zepp version 6.1.4-play suffers from a user account enumeration flaw in the password reset function.
dd2dc79c277146022bd841a6e3457f872018f219fbac2d90f8f9b9a7a5da6c35
Miele Benchmark Programming Tool versions 1.1.49 and 1.2.71 suffer from a privilege escalation vulnerability.
d9c54518c9774d14210fa309ae32ce7bf54eac2d1ed82cd249dec9506f8662c7
Backdoor.Win32.Agent.aegg malware suffers from a hardcoded credential vulnerability.
53f75d30a3e68a34d3ff3b8c12346375b8a937d60fb31ffaddd254aa7ebb9972
Trojan-Downloader.Win32.Agent malware suffers from an insecure permissions vulnerability.
ae8f3ba20d2bc86c8d5582c66c01389075677ff6a3c6b3d0b14a4c7de160bb24
Backdoor.Win32.GF.j malware suffers from a remote command execution vulnerability.
b1a0b3788ebf3189fc9856839cbb6a4e7b4cb2713556227380bc4d05ab71f4a0
Backdoor.Win32.Cafeini.b malware suffers from a man-in-the-middle vulnerability.
6ea04b9be8a714b935c785d50f095eed0d536a8bdcc3b0eaaa74d588e9b19a41
Backdoor.Win32.Cafeini.b malware suffers from a hardcoded credential vulnerability.
74d97c59d1843d49d5346c7ce7c52a1e4b3dccd23ebe9e70b420b7da4561bcd4
Trojan-Downloader.Win32.Small.ahlq malware suffers from an insecure permissions vulnerability.
350196a679952271a1b8644768524b4bf527b9e4f5ddeda4fe2c4c1f9b2934c4
Virus.Win32.Qvod.b malware suffers from an insecure permissions vulnerability.
87a174dfb171a84fb3fe42f523517a6a91517598c8c5fc4a5f22464dda1e6371
Email-Worm.Win32.Sidex malware suffers from a remote command execution vulnerability.
b3722025a9f25e3a5ec409d1add355bb760e54b81c881cd09f85f9f93a8ca0e6
Net-Worm.Win32.Kibuv.c malware suffers from an authentication bypass vulnerability.
19abd12c98e17d2a4909a274c49ee28ec3e233210634f6b76fb31712690429d8
Backdoor.Win32.Jokerdoor malware suffers from a buffer overflow vulnerability.
949be84608d28e27970c8245bf2a554a1d7bacb3e2ebe644ebb97328491fc4b5
Trojan-Banker.Win32.Banker.heq malware suffers from an insecure permissions vulnerability.
ef387db61428ff8d6e4c95704ea36c710cb194d1daa0bc32afd3292ca620a65e
Prime95 version 30.7 build 9 suffers from a buffer overflow vulnerability.
79bac0b7ca9b464728e6052f0272701247728bd55953b88870a22da80055f1bc
WordPress Curtain plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
dd409ca511bc0a28d91f8a872afb7a264e5d4cb727f4f0e12c12e46b3f19e402
WordPress Coru LFMember plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
74b9ec56ae316f5978465b98643c80e1a1217fc29f5dac8d5a1a8f0f73c876b9
Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a persistent cross site scripting vulnerability.
8cb78a3472e539403d6d39fd3ad3b5fdeb25087820f659a117ceeeb4ad1a58b6
Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a bypass vulnerability due to having set a hardcoded password for accounts registered using an OmniAuth provider.
b9871a137c86a7af7a3f259af24481816299cde62d5eef695abcb78150bb320f
WordPress WP-Invoice plugin version 4.3.1 suffers from a persistent cross site scripting vulnerability.
1198ae90a0a19ceea8037a4ba1f3a90e0f447c7505ff7bf4fad7fd12b756e2b3
Joomla Sexy Polling extension versions 2.1.7 and below suffer from a remote SQL injection vulnerability.
ab42ffe9b13364d13f5df75df35c253f1a2fd02683b400ca78e054e1a31cde69
WordPress ScrollReveal.js Effects plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.
f800608c7b194924e95a7c7384d8c6cfc72b83e0e53783ec418dd1ccd53766ac
This Metasploit module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For the purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker-provided "admin" account to insert the malicious payload into the custom script fields. When a user resets their password or unlocks their account, the payload in the custom script will be executed. The payload will be executed as SYSTEM if ADSelfService Plus is installed as a service, which we believe is the normal operational behavior. This is a passive module because user interaction is required to trigger the payload. This module also does not automatically remove the malicious code from the remote target. Use the "TARGET_RESET" operation to remove the malicious custom script when you are done.
d91150e34529bee9dd92e87b3f063460c0b5e994a412c286b68d6cb26a58d358