Prison Management System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
86134abe13930c15d9a0ec6d1f20f1dd3360b399fa96b4ae5b5821bcc9112abbMulti Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.
32be0fec962b67faf38d315a9d6d5a0c83204e2e599b0319b92fa81fc435926aOnline Medicine Ordering System version 1.0 suffers from an ignored default credential vulnerability.
7090509e3ce57fb3261f901f4ff5ef2de114d829ff21d92d10a1d57a383ca778Online Discussion Forum Site version 1.0 suffers from an ignored default credential vulnerability.
92cd4f5555edbdf20382fd693914227b5cc4481eea37c2551c0e35cb1a803e77LMS ZAI version 6.3 suffers from an ignored default credential vulnerability.
5e906c00d1ca8a906265bb98c2236832d82d0f3cc3a33174259834d98e4ae184Ingredient Stock Management System version 1.0 suffers from an ignored default credential vulnerability.
a4c31731e3961ba07b1da4ca7b7273990ac0156f6765916f333ed048fa56ce25ChatBot Application with a Suggestion Feature version 1.0 suffers from an ignored default credential vulnerability.
ec18e52270e06fbce388ad46550cdd2965590cfdcc8d8666221231be7c95b7afBhojon restaurant management system version 2.7 suffers from an insecure direct object reference vulnerability.
4141a17578239f97e0525152779108e69e6941844f0e6c5f4301e3e30bcbacc0SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.
7fed84c74a95aca63927ebf377895e9a07606b145886012809d45f932101a348SLiMS CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
40690990f8e7a9d69ac2a7722849376b960091b3430423c391d36914318f58b7StarTask CRM version 1.9 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6e2fd2cbf7c7bffe7c302d4b461bf6f489fbda9665b18dc56c36e3c574b89861UBM CMS version 1.2 suffers from an insecure direct object reference vulnerability.
ca7cdb66f2dc41183a9aa7df2672ee5767e95408be450748fad9f7991aa97729TAIF LMS version 5.8.0 suffers from a remote shell upload vulnerability.
ba349faa2be4ef714aa164c5655faad9e8a44e970f5e25e60f66cee08f658427Vencorp version 2.1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
1efa85ad70e114a1d0f8dac25bda7b473b55d33338cbdef57caf77c451658123Webdenim AppUI version 1.0 suffers from an insecure direct object reference vulnerability.
3418251e6b23a29fe38369d103a67d4c4c7e084f78a767a8b4660ce397493457Perten Instruments Process Plus Software versions 1.11.6507.0 and below suffer from local file inclusion, hardcoded credential, and execution with unnecessary privilege vulnerabilities.
92c6be9a95dec36f75c305fd1ec54275736478e25459c036cab67f945826b0f2LMS ZAI version 6.1 suffers from an ignored default credential vulnerability.
ac6f91ffe20c571e57ac0c8a6aef0c5437b2d37e5f53c46ef41059f24100b7dbQuick Job version 2.4 suffers from an insecure direct object reference vulnerability.
ed619defcb18f94880d7fdc150758b05fc052d89b88cf6c32eda99ac714a326bPPDB ONLINE version 1.3 appears to suffer from an administrative page disclosure issue.
567512dc29f3191d46966af5a6dd1339474aa567f65e1c6564dccda43acadad3PHP MaXiMuS version 2.5.2 suffers from a cross site scripting vulnerability.
f7f012f0611c7ac312b6b0ad3df48db019ad64a1683b0a0e3c97146f444edd95NUKE SENTINEL version 2.5.2 suffers from a cross site scripting vulnerability.
04959e224e4d66c86926b38e058df306a652f0dbf3a13e5a864ba731b33ed47cMinfotech CMS version 2.0 suffers from a remote SQL injection vulnerability.
c70371f0daa1616ffe4fc66938a433e31d91535c9593510fb4fccef1fdbc587eeDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.
55a4eca00e7267d8d4d5cdd94c2b99447eef8059c06cab914a3401ebda7966f2This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using the "restore configuration" feature to upload a zip file containing a path traversal file which is a dll called ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll. This causes the file C:\Windows\System32\wbem\wbemcomn.dll to be created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was located. A username is also required for signature authentication. A custom DLL can be provided to use in the exploit instead of using the default MSF-generated one.
138c45447c1d3fa090b4666327e202412f377f34d7873c3c578299783f2b2a43This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2. Some offsets adjustment will probably be needed to make it work with other versions.
3e3f414d0ec3165e352b2624a3e784100a79ab838c827536fa557daa6cf4b2b8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed