This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below (CVE-2022-47966). Due to a dependency on an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the ServiceDesk Plus SAML endpoint. Note that the target is only vulnerable if it has been configured with SAML-based SSO at least once in the past, regardless of the current SAML-based SSO status.
4fbf903ff9fa864b803fbd7d746a0b2a59de1e2222a5e9821f7d2bf7760f7166
101news By Mayuri K version 1.0 suffers from multiple remote SQL injection vulnerabilities.
0aa619446a08f427a388e4aed69d3b3979519cb92cca7f63e154b95937a4c4bf
Material Dashboard version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8e3470e914d0f948912ad5bed599f01e55d99eb26c655914c5b63455027dfcc8
This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the tomcat user to root and fully compromise the target system.
0ac41921eb75c8008e9f94786db836a9f76e614d54c6925c606eecf1de5fb188
Android Binder VMA management suffers from multiple security issues.
ab667a607662e113616863f74924dec25552f0f3627b28b830dcd1cef1dc0df9
Microsoft Windows suffers from a kernel memory corruption due to insufficient handling of predefined keys in registry virtualization.
ded3419927998aaa3da4fea3f80263227d729920c448e2a3cf6f50b41f8c867d
This Metasploit module demonstrates how incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user to issue device IOCTLs to perform arbitrary physical/virtual memory reads and writes.
4d81e8f2ae72805082f511a1afa0427bff321c86d10fa56019672dac926e51f8
Dirty Cow arbitrary file write local privilege escalation exploit for macOS.
2c735a5dbdfd48004da2df38d8a8eed0528ab5199ff9cd6dbf70e890c7786c0c
This Metasploit module creates a local user with a username/password and root-level privileges. Note that a root-level account is not required to do this, which makes it a privilege escalation issue. Note that this is pretty noisy, since it creates a user account and creates log files and such. Additionally, most (if not all) vulnerabilities in F5 grant root access anyways.
ec59a3d52e4d78cf9bacb372140fcd5f2f2c8928aed87fa348ad1aed6d0bcde0
Oracle Database version 12.1.0.2 suffers from a privilege escalation vulnerability that achieves DBA access via the Spatial component.
caf48bbfad39123ef07fb0bb705d943592ffa4c124bb8e5f2f2978fd30974220
This archive contains all of the 130 exploits added to Packet Storm in January, 2023.
ea59f7d618d1f8fe8f750faa31ef909e70fc61e5274fef5dd74a9c65027bb7bf
This Metasploit module exploits a bug in io_uring leading to an additional put_cred() that can be exploited to hijack credentials of other processes. This exploit will spawn SUID programs to get the freed cred object reallocated by a privileged process and abuse them to create a SUID root binary that will pop a shell. The dangling cred pointer will, however, lead to a kernel panic as soon as the task terminates and its credentials are destroyed. We therefore detach from the controlling terminal, block all signals and rest in silence until the system shuts down and we get killed hard, just to cry in vain, seeing the kernel collapse. The bug affected kernels from v5.12-rc3 to v5.14-rc7. More than 1 CPU is required for exploitation. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.
ddab5b3975fc82e2a23c5e4e05a57af4893abfbc613df02d507c1013c62dc088
If the vmwgfx driver fails to copy the fence_rep object to userland, it tries to recover by deallocating the (already populated) file descriptor. This is wrong, as the fd gets released via put_unused_fd() which shouldn't be used, as the fd table slot was already populated via the previous call to fd_install(). This leaves userland with a valid fd table entry pointing to a freed file object. The authors use this bug to overwrite a SUID binary with their payload and gain root. Linux kernel versions 4.14-rc1 - 5.17-rc1 are vulnerable. Successfully tested against Ubuntu 22.04.01 with kernel 5.13.12-051312-generic.
6360a81de99a383330c5955ece5414f2f3b254143f1a5b9246e669769aa929fc
eCommerce Marketplace Platform CMS version 1.7 suffers from a remote SQL injection vulnerability.
69e687c4a0d9df1eff0262dabcd54301b07d5a417b4f40ef540a439dfe252659
eCommerce Marketplace Platform CMS version 1.7 suffers from a cross site scripting vulnerability.
dbb8c908b79f269effe2464df2de203b03719231d344c768a2cbef1efc7a7b05
Online Eyewear Shop version 1.0 suffers from a remote SQL injection vulnerability.
7f480978af7f6cb6c10b388d9b0672e6417dbf34177646251736adbbcb0f145e
Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.
00cb85e5ab25f2d5091aa8c72d9d5252d08919dce9dbd37743bea7469e5dbc51
PHPJabbers Business Directory Script version 3.2 suffers from a cross site scripting vulnerability.
d2557e411d456bd34555a2aacdc580e243ce6132afdd23ed9686aef6b539969e
PHPJabbers Auto Classifieds Script version 3.2 suffers from a cross site scripting vulnerability.
a763dffdb3d9d66af1165c31dde196ceb865df88853aef37d01989c9d9427a14
mRemoteNG version 1.76.20 suffers from a weak permission privilege escalation vulnerability.
aa08068eda449c43f5c76d0ec56fca19930c2ac6719246bec693e3037f692da6
This paper goes over common components of broadcast systems and how hackers take advantage of them, and discusses some of the vulnerabilities discovered.
1467a96747d9321ba7a659e074789337bc6efc1d4621b6ec26b5fdf38e1ca678
PHPJabbers Car Park Booking System version 2.0 suffers from a cross site scripting vulnerability.
692a826df097e4229d209944d70fe7f7799c532b5e037c41aba1f0ba9bebb91b
Zstore version 6.6.0 suffers from a cross site scripting vulnerability.
653905fd4efa9030f79aa84e990c72cb875f0be6933e755e36678f4aa2c9a0c8
PHPJabbers Event Ticketing System Script version 1.0 suffers from a cross site scripting vulnerability.
8fab16cdc74a1a2eec65f585cba5d399670dcb6b308f9255fea72f9fbd84df1a
PHPJabbers Travel Tours Script version 1.0 suffers from a remote SQL injection vulnerability.
ca11533d20acd6bee2a211d4e3de4c988afb414b29686bd6473042b4b019f864