This archive contains all of the 204 exploits added to Packet Storm in April, 2019.
4a01cacac03d4841d5a683061be52fdaddab7c7f1fa74f1294fed9a1d5f9d072This Metasploit module will run a payload when the package manager is used. No handler is run automatically so you must configure an appropriate exploit/multi/handler to connect. Module modifies a yum plugin to launch a binary of choice. grep -F 'enabled=1' /etc/yum/pluginconf.d/ will show what plugins are currently enabled on the system.
9ad4ebf5274d32a4ec5669f7650369e77279b0e58aed7f270adb6811aa5ef260This Metasploit module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring Cloud Config listens by default on port 8888.
39f19c1a165c51512a1ca99f92c17456b0d2f8470dbf6c008d92f912f1f1c01cHumHub version 1.3.12 suffers from a cross site scripting vulnerability.
833a078f74bc411708c3495ba863cad28419973cc7f3626a83783ba163375047Intelbras IWR 3000N version 1.5.0 proof of concept cross site request forgery exploit.
cf7ff25f03a131cf316c68a456b3d754f7ace15951e5f16103e4b453f998461bIntelbras IWR 3000N proof of concept denial of service exploit that triggers a remote reboot.
99dce382b8fdd144eab93a9768bfc2d33e27b1f398b46695f88cc3404f997809Domoticz versions 4.10577 and below suffer from an unauthenticated remote command execution vulnerability.
9179905040e0065103a3e0fea2732062a8d71d1efcdc16a1187881a7648b8496Veeam ONE Reporter version 9.5.0.3201 suffers from multiple persistent cross site scripting vulnerabilities.
f0325caeea7dbc072644dabcd22ddf217b800b7ca72a2a213022df33830844cdVeeam ONE Reporter version 9.5.0.3201 suffers from multiple cross site request forgery vulnerabilities.
7935f970ef5b73c6b987406afcc2e78937136d079446ccf0a9a736f8bc769a00Netgear DGN2200 and DGND3700 proof of concept administrative password disclosure exploit.
1ebbdd1c92e2e6c2d3be1f0ae4caf46fd96ca67370be6b729b67f566fd178d82Freefloat FTP Server version 1.0 suffers from a STOR remote buffer overflow vulnerability.
5ace81317af651efd44942f8b4bda80940a213f47e4a743b250a8d4ae5cfb76fFreefloat FTP Server version 1.0 suffers from a SIZE remote buffer overflow vulnerability.
583fd9120564a7a4274686a33c4957d70e7f4225537eb7b6cd60ae7f8a6491b4Revive Adserver versions prior to 4.2.0 suffers from deserialization and open redirection vulnerabilities.
78026c25e3a914b02abb72a3cdb24b90933a9d60bd9adec3c0931a7bb0710202Linux suffers from a missing locking between ELF coredump code and userfaultfd VMA modification.
673a7d5b5c8c34c1c31d9a3eff1b04dbcf78b701cc9cca3e53ef0c155170313fThis Metasploit module will execute an arbitrary payload on an "ESEL" server used by the AIS logistic software. The server typically listens on port 5099 without TLS. There could also be server listening on 5100 with TLS but the port 5099 is usually always open. The login process is vulnerable to an SQL Injection. Usually a MSSQL Server with the 'sa' user is in place. This module was verified on version 67 but it should also run on lower versions. An fixed version was created by AIS in September 2017. However most systems have not been updated. In regard to the payload, unless there is a closed port in the web server, you dont want to use any "bind" payload. You want a "reverse" payload, probably to your port 80 or to any other outbound port allowed on the firewall. Currently, one delivery method is supported This method takes advantage of the Command Stager subsystem. This allows using various techniques, such as using a TFTP server, to send the executable. By default the Command Stager uses 'wcsript.exe' to generate the executable on the target. NOTE: This module will leave a payload executable on the target system when the attack is finished.
4e45fd56c2526e9ec010441d375b5776dbcf5a8819b5ef299ef6e3dc30fd9290This Metasploit module creates a pre-invoke hook for APT in apt.conf.d. The hook name syntax is numeric followed by text.
1f668b2326d929a2db35db36bbceabf75db247b88b34a713c1e9a1f6b200a8b6This Metasploit module exploits a PHP unserialize() in Pimcore before 5.7.1 to execute arbitrary code. An authenticated user with "classes" permission could exploit the vulnerability. The vulnerability exists in the "ClassController.php" class, where the "bulk-commit" method makes it possible to exploit the unserialize function when passing untrusted values in "data" parameter. Tested on Pimcore 5.4.0-5.4.4, 5.5.1-5.5.4, 5.6.0-5.6.6 with the Symfony unserialize payload. Tested on Pimcore 4.0.0-4.6.5 with the Zend unserialize payload.
e9668485fecf0de5fb772aff42ff232d1d7e80b39adcab869e40e189d37c4459Agent Tesla Botnet suffers from an information leakage vulnerability.
fd014055fa6ce33f17efd4fe44c1b1487fb9df59b699edd8a675f4e98e75d9b5Joomla JiFile component version 2.3.1 suffers from an arbitrary file download vulnerability.
43201465a4ea1bb274530efb807aa3c77218a0bc672acbfb481b82d4406ee4b4SGI IRIX versions 6.4.x and below run-time linker (rld) arbitrary file creation exploit.
6f90ee10780f9ce1e84434cd416d1bb52ce40db82cd9f3b32770f230eec3040cAn information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to capitalize on this vulnerability.
7f0b91e87a564d26d824adbb7dffa763b108cfaa164e0f92e162509c11ca3762An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.
0bfeae904f970d08dabdaa8a014eee4efca75639721f7dd9c6b4b2fd1e02c43fJoomla ARI Quiz version 3.7.4 suffers from a remote SQL injection vulnerability.
b33d156f931af8bbe95f7353d1848f5fd43066c0a839b0a1560f0e769e1548cfAn exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.
b6b5e7d97f80e9991783d37c820d5a565fa0b7b7199695cec240963831c1d23cAn exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to, plaintext passwords and SNMP community strings. An attacker can make an authenticated HTTP request, or run the binary, to trigger this vulnerability.
f3e9e439a12b70a96bfeb02d461beccb29bf0fda4eae49519ccb97a1479c0998
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed