This archive contains all of the 150 exploits added to Packet Storm in April, 2022.
308c93a4119d3e38af49bcea7afd2162357abf8f1f8689ed16e0b2bc4aa0de4eHome Clean Service System version 1.0 suffers from a remote SQL injection vulnerability.
713a953a97cc2b254906ef14b96aecd818ac74f87d3c6e66fe86d43c4f287826This Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. On a typical redis deployment (not docker), this module achieves execution as the redis user. Debian/Ubuntu packages run Redis using systemd with the "MemoryDenyWriteExecute" permission, which limits some of what an attacker can do. For example, staged meterpreter will fail when attempting to use mprotect. As such, stageless meterpreter is the preferred payload. Redis can be configured with authentication or not. This module will work with either configuration (provided you provide the correct authentication details). This vulnerability could theoretically be exploited across a few architectures: i386, arm, ppc, etc. However, the module only supports x86_64, which is likely to be the most popular version.
25990c6dc1f07a86ea2e834b9c66c011d9af3d483f0592ec3011de6f791bfa0aZepp version 6.1.4-play suffers from a user account enumeration flaw in the password reset function.
dd2dc79c277146022bd841a6e3457f872018f219fbac2d90f8f9b9a7a5da6c35Miele Benchmark Programming Tool versions 1.1.49 and 1.2.71 suffer from a privilege escalation vulnerability.
d9c54518c9774d14210fa309ae32ce7bf54eac2d1ed82cd249dec9506f8662c7Backdoor.Win32.Agent.aegg malware suffers from a hardcoded credential vulnerability.
53f75d30a3e68a34d3ff3b8c12346375b8a937d60fb31ffaddd254aa7ebb9972Trojan-Downloader.Win32.Agent malware suffers from an insecure permissions vulnerability.
ae8f3ba20d2bc86c8d5582c66c01389075677ff6a3c6b3d0b14a4c7de160bb24Backdoor.Win32.GF.j malware suffers from a remote command execution vulnerability.
b1a0b3788ebf3189fc9856839cbb6a4e7b4cb2713556227380bc4d05ab71f4a0Backdoor.Win32.Cafeini.b malware suffers from a man-in-the-middle vulnerability.
6ea04b9be8a714b935c785d50f095eed0d536a8bdcc3b0eaaa74d588e9b19a41Backdoor.Win32.Cafeini.b malware suffers from a hardcoded credential vulnerability.
74d97c59d1843d49d5346c7ce7c52a1e4b3dccd23ebe9e70b420b7da4561bcd4Trojan-Downloader.Win32.Small.ahlq malware suffers from an insecure permissions vulnerability.
350196a679952271a1b8644768524b4bf527b9e4f5ddeda4fe2c4c1f9b2934c4Virus.Win32.Qvod.b malware suffers from an insecure permissions vulnerability.
87a174dfb171a84fb3fe42f523517a6a91517598c8c5fc4a5f22464dda1e6371Email-Worm.Win32.Sidex malware suffers from a remote command execution vulnerability.
b3722025a9f25e3a5ec409d1add355bb760e54b81c881cd09f85f9f93a8ca0e6Net-Worm.Win32.Kibuv.c malware suffers from an authentication bypass vulnerability.
19abd12c98e17d2a4909a274c49ee28ec3e233210634f6b76fb31712690429d8Backdoor.Win32.Jokerdoor malware suffers from a buffer overflow vulnerability.
949be84608d28e27970c8245bf2a554a1d7bacb3e2ebe644ebb97328491fc4b5Trojan-Banker.Win32.Banker.heq malware suffers from an insecure permissions vulnerability.
ef387db61428ff8d6e4c95704ea36c710cb194d1daa0bc32afd3292ca620a65ePrime95 version 30.7 build 9 suffers from a buffer overflow vulnerability.
79bac0b7ca9b464728e6052f0272701247728bd55953b88870a22da80055f1bcWordPress Curtain plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
dd409ca511bc0a28d91f8a872afb7a264e5d4cb727f4f0e12c12e46b3f19e402WordPress Coru LFMember plugin version 1.0.2 suffers from a persistent cross site scripting vulnerability.
74b9ec56ae316f5978465b98643c80e1a1217fc29f5dac8d5a1a8f0f73c876b9Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a persistent cross site scripting vulnerability.
8cb78a3472e539403d6d39fd3ad3b5fdeb25087820f659a117ceeeb4ad1a58b6Gitlab versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.7 prior to 14.7.7 suffer from a bypass vulnerability due to having set a hardcoded password for accounts registered using an OmniAuth provider.
b9871a137c86a7af7a3f259af24481816299cde62d5eef695abcb78150bb320fWordPress WP-Invoice plugin version 4.3.1 suffers from a persistent cross site scripting vulnerability.
1198ae90a0a19ceea8037a4ba1f3a90e0f447c7505ff7bf4fad7fd12b756e2b3Joomla Sexy Polling extension versions 2.1.7 and below suffer from a remote SQL injection vulnerability.
ab42ffe9b13364d13f5df75df35c253f1a2fd02683b400ca78e054e1a31cde69WordPress ScrollReveal.js Effects plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.
f800608c7b194924e95a7c7384d8c6cfc72b83e0e53783ec418dd1ccd53766acThis Metasploit module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided "admin" account to insert the malicious payload into the custom script fields. When a user resets their password or unlocks their account, the payload in the custom script will be executed. The payload will be executed as SYSTEM if ADSelfService Plus is installed as a service, which we believe is the normal operational behavior. This is a passive module because user interaction is required to trigger the payload. This module also does not automatically remove the malicious code from the remote target. Use the "TARGET_RESET" operation to remove the malicious custom script when you are done.
d91150e34529bee9dd92e87b3f063460c0b5e994a412c286b68d6cb26a58d358
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed