This archive contains all of the 185 exploits added to Packet Storm in May, 2021.
1c0d7e817f07af8f46fb7c2b8567c37b5af23753a28c210b08021255bb1ed2ba
IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows arbitrary content to be passed to the IPS\_Theme::runProcessFunction() method, where it is used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the "cms" application to be enabled.
392b40ad40c330e4deb04c99f4ff988666d96d0c4e3c606a17ec99241047911a
Backdoor.Win32.WinShell.a malware suffers from a code execution vulnerability.
2acfadfd50c717b16b09111c60577beb07fe2c6d4666c82b7fb0e69c5a129873
The document in this archive illustrates using the included proof of concept exploit to achieve root on Ubuntu systems using a flaw in the OverlayFS file system. The exploit itself does not have author attribution as the proof of concept came through SSD Disclosures.
7380c1055909d23c493abb4f5067d3428e536c6a0041025856be420b9c8732fb
PHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor.
f726aea9ab9a0663c00691675009247212802a4e2f78a7fb5cea2c34dc366e86
Backdoor.Win32.Whirlpool.a malware suffers from a buffer overflow vulnerability.
a7328f384cdc732a49e33d0569c16aeda57cadf3dcd1a21e7595ce4a1c88fa01
Backdoor.Win32.NetControl2.293 malware suffers from a code execution vulnerability.
2a63a0bd27bc876d26c73153ba8746836b037966ccf05fc460ac0181600cb7a1
Backdoor.Win32.Netbus.12 malware suffers from an information leakage vulnerability.
48d2d233dd3c0522e78191a1e92f861eadcd7f6a67bf56cb2e72f6192867f7fc
Backdoor.Win32.NerTe.772 malware suffers from a code execution vulnerability.
dc6f6de9e48d1c019f02244275891b5506c3ae3d7c532d5e4f3e8caef4170cc2
Backdoor.Win32.NerTe.772 malware suffers from bypass and code execution vulnerabilities.
fc4fe6e27b86fe9058ca95693b6b46fb8aa8171b7b7ecee3fc3554484033834c
Trojan.Win32.Scar.dulk malware suffers from an insecure permissions vulnerability.
cbd8ec549f7fbd1dd0daf13796d11776585e8b3c0ff98930ced6d586c8924356
Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
aaabb057afb92bb25d1dc9037d5a6c0fb333f4768b0c90b7a44651f47b7bcfa7
Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
fb3bf69481578dad07624872eec1f5d1da61660965e5ddb444e9193956929ed2
PHPFusion version 9.03.50 suffers from a remote code execution vulnerability.
0c1ea73a71c985e2370b23c0a29caa04d041fd12d0eccc6de21797149b8536e6
WordPress LifterLMS plugin version 4.21.0 suffers from a persistent cross-site scripting vulnerability.
20b27b98b2e22747764f7a39e413c4251aa23f2a701c00e2bc61df557d7309b3
Selenium version 3.141.59 remote code execution exploit.
31a04d36d587ab0a205023d11f001f9667bf27577d83ddca22b7e833833f61a8
An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).
f6519f57eed331c93ca5644c3a83e240cb6fe2ee50133663e8ee3dad642af551
The IoT Controller web application includes a NodeJS module, node-red, which lets users read or write local files on the IoT Controller. Because the web application runs with elevated privileges, this allows reading and writing any file on the IoT Controller filesystem.
ab0f31561d42610f5ba5969c33fa30d3f807865c8f1eaac846a5b376b04319c7
A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller.
671f09dc7253e2fd4b96a2bd934c4db733ea5c114369ba82a1d81b35d72836f3
An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.
2486beac57efb14715dc2756e1ddce5fd0beb0268fa52ef3547894a1a7be04a5
Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
df1716ceee1afc4991054f7d3e009a901d7b28289e89a2bebb461c0a64b3b1d9
API keys for CommScope Ruckus are included in the IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
b4f5b79b878528d1365915db1dfcf08d2ea164bfda75ebc9baab1499e553cb33
Three API endpoints for the IoT Controller are accessible without authentication. Two of the endpoints result in information leakage and consumption of computing/storage resources. The third API endpoint that does not require authentication allows for a factory reset of the IoT Controller.
a8546049f222180c6bd593bbd28ea7a598ba7bbcd08ac8c48b4f8ac76357ba7c
Pandora FMS version 6.0SP3 suffers from a cross-site scripting vulnerability.
3b6f367e28fda80ee9013841f4548d6f8dac15f5ef5c2407f7565d83c29588af
The QImage class can read out-of-bounds when reading a specially-crafted PNG file, where a tag byte offset goes out of bounds. This could potentially allow an attacker to determine values in memory based on the QImage pixels, if Qt is used to process untrusted images.
f89e3b09d6fb627d5b5269e3b5d3b0c770cd2aefc3bbd97c7b659ae459e07be2