This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below (CVE-2022-47966). Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the ServiceDesk Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status.
4fbf903ff9fa864b803fbd7d746a0b2a59de1e2222a5e9821f7d2bf7760f7166101news By Mayuri K version 1.0 suffers from multiple remote SQL injection vulnerabilities.
0aa619446a08f427a388e4aed69d3b3979519cb92cca7f63e154b95937a4c4bfMaterial Dashboard version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8e3470e914d0f948912ad5bed599f01e55d99eb26c655914c5b63455027dfcc8This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the tomcat user to root and fully compromise the target system.
0ac41921eb75c8008e9f94786db836a9f76e614d54c6925c606eecf1de5fb188Android Binder VMA management suffers from multiple security issues.
ab667a607662e113616863f74924dec25552f0f3627b28b830dcd1cef1dc0df9Microsoft Windows suffers from a kernel memory corruption due to an insufficient handling of predefined keys in registry virtualization.
ded3419927998aaa3da4fea3f80263227d729920c448e2a3cf6f50b41f8c867dThis Metasploit module demonstrates how an incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory reads and writes.
4d81e8f2ae72805082f511a1afa0427bff321c86d10fa56019672dac926e51f8Dirty Cow arbitrary file write local privilege escalation exploit for macOS.
2c735a5dbdfd48004da2df38d8a8eed0528ab5199ff9cd6dbf70e890c7786c0cThis Metasploit module creates a local user with a username/password and root-level privileges. Note that a root-level account is not required to do this, which makes it a privilege escalation issue. Note that this is pretty noisy, since it creates a user account and creates log files and such. Additionally, most (if not all) vulnerabilities in F5 grant root access anyways.
ec59a3d52e4d78cf9bacb372140fcd5f2f2c8928aed87fa348ad1aed6d0bcde0Oracle Database version 12.1.0.2 suffers from a privilege escalation vulnerability that achieves DBA access via the Spatial component.
caf48bbfad39123ef07fb0bb705d943592ffa4c124bb8e5f2f2978fd30974220This archive contains all of the 130 exploits added to Packet Storm in January, 2023.
ea59f7d618d1f8fe8f750faa31ef909e70fc61e5274fef5dd74a9c65027bb7bfThis Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to get the freed cred object reallocated by a privileged process and abuse them to create a SUID root binary that will pop a shell. The dangling cred pointer will, however, lead to a kernel panic as soon as the task terminates and its credentials are destroyed. We therefore detach from the controlling terminal, block all signals and rest in silence until the system shuts down and we get killed hard, just to cry in vain, seeing the kernel collapse. The bug affected kernels from v5.12-rc3 to v5.14-rc7. More than 1 CPU is required for exploitation. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.
ddab5b3975fc82e2a23c5e4e05a57af4893abfbc613df02d507c1013c62dc088If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file descriptor. This is wrong, as the fd gets released via put_unused_fd() which shouldn't be used, as the fd table slot was already populated via the previous call to fd_install(). This leaves userland with a valid fd table entry pointing to a freed file object. The authors use this bug to overwrite a SUID binary with their payload and gain root. Linux kernel versions 4.14-rc1 - 5.17-rc1 are vulnerable. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.
6360a81de99a383330c5955ece5414f2f3b254143f1a5b9246e669769aa929fceCommerce Marketplace Platform CMS version 1.7 suffers from a remote SQL injection vulnerability.
69e687c4a0d9df1eff0262dabcd54301b07d5a417b4f40ef540a439dfe252659eCommerce Marketplace Platform CMS version 1.7 suffers from a cross site scripting vulnerability.
dbb8c908b79f269effe2464df2de203b03719231d344c768a2cbef1efc7a7b05Online Eyewear Shop version 1.0 suffers from a remote SQL injection vulnerability.
7f480978af7f6cb6c10b388d9b0672e6417dbf34177646251736adbbcb0f145eControl Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.
00cb85e5ab25f2d5091aa8c72d9d5252d08919dce9dbd37743bea7469e5dbc51PHPJabbers Business Directory Script version 3.2 suffers from a cross site scripting vulnerability.
d2557e411d456bd34555a2aacdc580e243ce6132afdd23ed9686aef6b539969ePHPJabbers Auto Classifieds Script version 3.2 suffers from a cross site scripting vulnerability.
a763dffdb3d9d66af1165c31dde196ceb865df88853aef37d01989c9d9427a14mRemoteNG version 1.76.20 suffers from a weak permission privilege escalation vulnerability.
aa08068eda449c43f5c76d0ec56fca19930c2ac6719246bec693e3037f692da6This paper goes over common components of broadcast systems, how hackers take advantage of them, and discusses some of the vulnerabilities discovered.
1467a96747d9321ba7a659e074789337bc6efc1d4621b6ec26b5fdf38e1ca678PHPJabbers Car Park Booking System version 2.0 suffers from a cross site scripting vulnerability.
692a826df097e4229d209944d70fe7f7799c532b5e037c41aba1f0ba9bebb91bZstore version 6.6.0 suffers from a cross site scripting vulnerability.
653905fd4efa9030f79aa84e990c72cb875f0be6933e755e36678f4aa2c9a0c8PHPJabbers Event Ticketing System Script version 1.0 suffers from a cross site scripting vulnerability.
8fab16cdc74a1a2eec65f585cba5d399670dcb6b308f9255fea72f9fbd84df1aPHPJabbers Travel Tours Script version 1.0 suffers from a remote SQL injection vulnerability.
ca11533d20acd6bee2a211d4e3de4c988afb414b29686bd6473042b4b019f864
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed