This archive contains all of the 142 exploits added to Packet Storm in May, 2022.
4cfc964188d16d4261475b9022169b0e9e9bdc05c5b81a3d5577f25e0b58d0fcThis Metasploit module exploits an improper input validation vulnerability in MyBB versions prior to 1.8.30 to execute arbitrary code in the context of the user running the application. The MyBB Admin Control setting page calls the PHP eval function with unsanitized user input. The exploit adds a new setting, injecting the payload in the vulnerable field, and triggers its execution with a second request. Finally, it takes care of cleaning up and removes the setting. Note that authentication is required for this exploit to work and the account must have rights to add or update settings (typically, the myBB administrator role).
b59589e32d8e76fd8a874fc6ea8f9b40d067ee43017c9072165e2a8ca889d7deProof of concept for the remote code execution vulnerability in MSDT known as Follina.
53ac1f74816b206d64cdb03e581a54d26e7aad446de7be2e6ecd1af77d47ebc2Proof of concept exploit for the Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability dubbed Follina.
21dda01f8e88aa4687f62848057799f68aeaf508af81b73f3368b5656c8f92feFast Food Ordering System version 1.0 suffers from a persistent cross site scripting vulnerability.
f7e3bfe2b6055902c2854c036cbb8c36e7bf630d5e1d2ceaaf2629e5cb4d4c8dSchneider Electric C-Bus Automation Controller (5500SHAC) version 1.10 suffers from an authenticated arbitrary command execution vulnerability. An attacker can abuse the Start-up (init) script editor and exploit the script POST parameter to insert malicious Lua script code and execute commands with root privileges that will grant full control of the device.
369dcc204aec33824901fd4aa4857bc6bf66d576cc7b23a87a87ff67f445c639WordPress User Meta Lite and Pro plugin versions 2.4.3 and below suffer from a path traversal vulnerability.
9f5dfc7d061a12ed0156906753e063fd8b488898a8f4b2709039a9ee6f78125fIngredient Stock Management System version 1.0 suffers from an account takeover vulnerability.
ec7348c7ea40981571b3542540ba691bc12790f80da7ef325b3c3e3a10db0a85Ingredient Stock Management System version 1.0 suffers from a remote blind SQL injection vulnerability.
812877405ea0e76d72d7e4772f6c9f533edc2df0d65201ce055c9b60f7795d4dFast Food Ordering System version 1.0 suffers from a remote SQL injection vulnerability.
8518a971cab0dde43baf3b5a9ad23a3139fcb7aaaf3e739e7c20225885b170fdTigase XMPP server suffers from a security vulnerability due to not escaping double quote character when serializing parsed XML. This can be used to smuggle (or, if you prefer, inject) an arbitrary attacker-controlled stanza in the XMPP server's output stream. A malicious client can abuse this vulnerability to send arbitrary XMPP stanzas to another client (including the control stanzas that are only meant to be sent by the server).
80c339179764f04e39876070e482957638cbcf822ccdb04b5cc72ea035585e1eChromeOS uses usbguard when the screen is locked but appears to suffer from bypass issues.
686e2d50596cc3cee3dd66e0fc5f2a715094be5a79c099a547c49d3457af1129qdPM version 9.1 authenticated remote code execution exploit that leverages a path traversal.
3232c57ac453b2620e024f66156e77f94a31f69956a38912a194df206d7de228The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITY\SYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be running.
1720ad267b345d6b91409cdb01c0ab129fc9f485ac71c4c4a816698bd6351239Online Fire Reporting System version 1.0 suffers from a remote SQL injection vulnerability.
b1c3fcc5f6290ffd9b90335d1c772770c479498cbb069b16a94b8cc5ac381565CLink Office version 2.0 anti-spam management console suffers from a remote SQL injection vulnerability.
9676058a709b31daa10982fa1a10ec1523f7cda27a0244b0cd46de826a9d9647This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol. Initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between XML parsers on Zoom's client and server in order to be able to "smuggle" arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack. Finally, by intercepting/modifying client update requests/responses, the victim client downloads and executes a malicious update, resulting in arbitrary code execution. A client downgrade attack is utilized to bypass signature check on the update installer. This attack has been demonstrated against the latest (5.9.3) client running on Windows 64-bit, however some or all parts of the chain are likely applicable to other platforms.
c5835f3651ef4f351fdd27038787c6bd633712398f3562132cf3224e2a0a5e16iTop versions prior to 2.7.5 authenticated remote command execution exploit.
a0b99a6ffb1e72f424f072c032f45fd3c9811762bc3e6fd6ab9132aafab59e6cm1k1o's Blog versions 1.3 and below suffer from an authenticated remote code execution vulnerability.
2b47e9371ac01f9cd3b2a32ec2b181b1cd6add45c1a4c22f0a31ba5ce0bfacb1Blockchain FiatExchanger version 2.2.1 suffers from a remote blind SQL injection vulnerability.
bd6447df12937c57076ad4d0d5107320b3c62fd6546ee327bfacdb2dac5e077eBlockchain AltExchanger version 1.2.1 suffers from multiple remote SQL injection vulnerabilities.
768082d75640db5a3a48bae35e88f8cd7a20a4fd520ce42edba1191185d3d76eOpenCart Newsletter module version 3.0.2.0 suffers from a remote blind SQL injection vulnerability.
805fd6ad0c574d69c71ad237235b343f1513bb540e8cf4ad999d729138a8ac9bLinux usbnet code tells minidrivers to unbind while netdev is still up, causing use-after-free conditions.
9cbdb1ccc149a355b2d267a848a75d3513d0e33cb89787801e49bf0110235f37The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected.
431dc815f86760913b7ea6a072291378a6fef4f738687bbc91541e8aa7a5a417LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability.
64fb0fffa85d330dbc47f539a594fa8fcad4c9362b419983c93474d08ba4e151
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed