This archive contains all of the 185 exploits added to Packet Storm in May, 2021.
1c0d7e817f07af8f46fb7c2b8567c37b5af23753a28c210b08021255bb1ed2baIPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows to pass arbitrary content to the IPS\_Theme::runProcessFunction() method, which will be used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the "cms" application to be enabled.
392b40ad40c330e4deb04c99f4ff988666d96d0c4e3c606a17ec99241047911aBackdoor.Win32.WinShell.a malware suffers from a code execution vulnerability.
2acfadfd50c717b16b09111c60577beb07fe2c6d4666c82b7fb0e69c5a129873The document in this archive illustrates using the included proof of concept exploit to achieve root on Ubuntu systems using a flaw in the OverlayFS file system. The exploit itself does not have author attribution as the proof of concept came through SSD Disclosures.
7380c1055909d23c493abb4f5067d3428e536c6a0041025856be420b9c8732fbPHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor.
f726aea9ab9a0663c00691675009247212802a4e2f78a7fb5cea2c34dc366e86Backdoor.Win32.Whirlpool.a malware suffers from a buffer overflow vulnerability.
a7328f384cdc732a49e33d0569c16aeda57cadf3dcd1a21e7595ce4a1c88fa01Backdoor.Win32.NetControl2.293 malware suffers from a code execution vulnerability.
2a63a0bd27bc876d26c73153ba8746836b037966ccf05fc460ac0181600cb7a1Backdoor.Win32.Netbus.12 malware suffers from an information leakage vulnerability.
48d2d233dd3c0522e78191a1e92f861eadcd7f6a67bf56cb2e72f6192867f7fcBackdoor.Win32.NerTe.772 malware suffers from a code execution vulnerability.
dc6f6de9e48d1c019f02244275891b5506c3ae3d7c532d5e4f3e8caef4170cc2Backdoor.Win32.NerTe.772 malware suffers from bypass and code execution vulnerabilities.
fc4fe6e27b86fe9058ca95693b6b46fb8aa8171b7b7ecee3fc3554484033834cTrojan.Win32.Scar.dulk malware suffers from an insecure permissions vulnerability.
cbd8ec549f7fbd1dd0daf13796d11776585e8b3c0ff98930ced6d586c8924356Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
aaabb057afb92bb25d1dc9037d5a6c0fb333f4768b0c90b7a44651f47b7bcfa7Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
fb3bf69481578dad07624872eec1f5d1da61660965e5ddb444e9193956929ed2PHPFusion version 9.03.50 suffers from a remote code execution vulnerability.
0c1ea73a71c985e2370b23c0a29caa04d041fd12d0eccc6de21797149b8536e6WordPress LifterLMS plugin version 4.21.0 suffers from a persistent cross site scripting vulnerability.
20b27b98b2e22747764f7a39e413c4251aa23f2a701c00e2bc61df557d7309b3Selenium version 3.141.59 remote code execution exploit.
31a04d36d587ab0a205023d11f001f9667bf27577d83ddca22b7e833833f61a8An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).
f6519f57eed331c93ca5644c3a83e240cb6fe2ee50133663e8ee3dad642af551The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT Controller filesystem.
ab0f31561d42610f5ba5969c33fa30d3f807865c8f1eaac846a5b376b04319c7A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller.
671f09dc7253e2fd4b96a2bd934c4db733ea5c114369ba82a1d81b35d72836f3An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.
2486beac57efb14715dc2756e1ddce5fd0beb0268fa52ef3547894a1a7be04a5Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
df1716ceee1afc4991054f7d3e009a901d7b28289e89a2bebb461c0a64b3b1d9API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
b4f5b79b878528d1365915db1dfcf08d2ea164bfda75ebc9baab1499e553cb33Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT Controller.
a8546049f222180c6bd593bbd28ea7a598ba7bbcd08ac8c48b4f8ac76357ba7cPandora FMS version 6.0SP3 suffers from a cross site scripting vulnerability.
3b6f367e28fda80ee9013841f4548d6f8dac15f5ef5c2407f7565d83c29588afThe QImage class can read out-of-bounds when reading a specially-crafted PNG file, where a tag byte offset goes out of bounds. This could potentially allow an attacker to determine values in memory based on the QImage pixels, if QT is used to process untrusted images.
f89e3b09d6fb627d5b5269e3b5d3b0c770cd2aefc3bbd97c7b659ae459e07be2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed