This archive contains all of the 82 exploits added to Packet Storm in February, 2023.
1aac08f0f83c7b542b7b390b5edbc859493c3d548148a11d7a05d5876ea81befOsprey Pump Controller version 1.0.1 unauthenticated remote code execution exploit.
e3aa8cf09a10153c22c1fea563f19e0486760740b752b12095b5ec99f655864fWordPress WoodMart Theme versions 7.1.1 and below suffer from a cross site request forgery vulnerability due to missing nonce validation on the process_form function.
0f2e9edbc08c03cd7f443a7a62b3cdd260180c0c579854b3c4252462f805ba7bOsprey Pump Controller version 1.0.1 suffers from a cross site request forgery vulnerability.
3ff94000035eb0e3d7750af6a36a24cd3f59ddd0bf32adc49eed8270dae8c139WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from a cross site scripting vulnerability.
06de2ef6e3f65a11f5f3b433ba90619493f56918211d5fd46b33311a0fbd2e57Osprey Pump Controller version 1.0.1 allows an unauthenticated attacker to create an account and bypass authentication, thereby gaining unauthorized access to the system.
f96ac6802073d61b8a8224120fbbc475b78857a672615467fe07f5419f23785aOsprey Pump Controller version 1.0.1 suffers from a cross site scripting vulnerability.
c1bf05288bbed246cc644a8fdb368c0546ebbfbb0723ec8709bda8abbafeddfdOsprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the eventFileSelected HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.
db0ca77f3b6262f047a41f704f1fbcabf469fa7d9140d8fddf64e48fc5dc7ab1Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the userName HTTP POST parameter called by index.php script.
36296eda1780ae0ac70f0164496b08fb374f20a8169546a905c771704b399ab9Osprey Pump Controller version 1.0.1 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pseudonym HTTP POST parameter called by index.php script.
54e985965675a39585d65ec988986982607117a47b0151caf9326c6cb4e834f8WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from multiple cross site request forgery vulnerabilities.
71cc0997d47b4237116443379d1643e4dfca225ccadb88dfc2eb6ace59a58348Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the password cannot be changed through any normal operation of the device. The backdoor lies in the /home/pi/Mirage/Mirage_ValidateSessionCode.x ELF binary.
20dd59fb8eec86241f48a70c218c680f5b2d35a35df76e3261cbee08ab36c4c7Osprey Pump Controller version 1.0.1 suffers from an unauthenticated file disclosure vulnerability.
65257df0315232e3ca32b7770b12524374ecdcb6a15f818ee9379654da62abe3WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from an abuse of functionality vulnerability.
f1535eff0b81315058d6992830afb6c6a3fd93dd1f20337296cf856eac0989a0Osprey Pump Controller version 1.0.1 has an ELF binary called Mirage_CreateSessionCode.x that contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass attacks. Further, session hijacking is possible due to MitM attack exploiting clear-text transmission of sensitive data including session token in URL. Session ID predictability and randomness analysis of the variable areas of the Session ID was conducted and discovered a predictable pattern. The low entropy is generated by using four IVs comprised of username, password, ip address and hostname.
c8c912e59b9a37815a739a0d4d3f99c9a8dc498a0057fd0f61996c7efe006205The WoodMart premium theme for WordPress is vulnerable to unauthenticated arbitrary shortcodes injection in versions 7.1.0 and below. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
de2aa40fe8dba4c5a084d6b22e576b658c68d939a3add8dc105b5907ab7fc0f1ME-FI DOT version 2.2 suffers from a remote SQL injection vulnerability.
428c6bd51a140fa874116fd479c967d76a638201afd8b70fd1a6da904e4f894bME-FI DOT version 2.2 leaves default administrative credentials installed post installation.
f9c7eb95dda1e4a94b44017b51f7a25cea23a12d7e9ea2efa8af9043b921f1e9ChurchCRM version 4.5.3 suffers from a remote SQL injection vulnerability.
4d245e585f1ee50ce2d1767f3c1f045d2aecdea2352fb819e28fc89a56936b48ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account.
a23c3b2021225bfb676a55bbdeafbcf1689dc045c5b50ecbfacebfc7ffe2014bABUS Security Camera version TVIP 20000-21150 suffers from local file inclusion, hardcoded credential, and command injection vulnerabilities. When coupled together, they can be leveraged to achieve remote access as root via ssh.
92decaa3308d461393dc637c13861ced7bcb4cd43a2c333235f9835ee562ecb9kbase_csf_kcpu_queue_enqueue() locks the kctx->csf.kcpu_queues, looks up a pointer from inside that structure, then drops the lock before continuing to use the kbase_kcpu_command_queue that was looked up. This is a classic use-after-free pattern, where the lookup of a pointer is protected but the protective lock is then released without first acquiring any other lock or reference to keep the referenced object alive.
4fd61c0109d183f3b2a909d608ec4f7ebeb118f98b4d057a01a280c10f5a5339pfBlockerNG version 2.1.4_26 remote code execution exploit.
4ac7bffe74c29e0dabbff18d552da8d3e73678fb8ed2b4a6a73be8d67499aebcSimple Food Ordering System version 1.0 suffers from a cross site scripting vulnerability.
d45b72ba3cbe274c827044256c4b4168a57d0681e2452019badcd0d14e196de2Music Gallery Site version 1.0 suffers from multiple remote SQL injection vulnerabilities.
9704f940761214dcdecce1c26ad4d0916f8ff37567c16827a4d79794fdb77dc3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed