This archive contains all of the 162 exploits added to Packet Storm in April, 2021.
a04091e61e7839d1a4c9159b51aa7cde9468bc893b095e74d64c17a04a96714a
This Metasploit module exploits a command injection vulnerability on login that affects Micro Focus Operations Bridge Reporter on Linux, versions 10.40 and below. It is a straight up command injection, with little escaping required, and it works before authentication. This module has been tested on the Linux 10.40 version.
86c50279de70c09dd3d6cb11b4b245b4e8b6b272a33434965e6bc86812dced42
This Metasploit module abuses a known default password on Micro Focus Operations Bridge Reporter. The shrboadmin user, installed by default by the product has the password of shrboadmin, and allows an attacker to login to the server via SSH. This module has been tested with Micro Focus Operations Bridge Manager 10.40. Earlier versions are most likely affected too. Note that this is only exploitable in Linux installations.
f916dce1d07e07e927e2802d2dca83cb6a07b9d397ca34c5d01f9b2245b2667b
OX App Suite versions 7.10.4 and below suffer from cross site scripting and server-side request forgery vulnerabilities. OX Guard versions 2.10.4 and below suffer from a denial of service vulnerability.
f79fdb3de2e0adf5d96f8bd0f53e9ea78572bc1ad06052cccf66726ab09192b0
Piwigo version 11.3.0 suffers from a remote SQL injection vulnerability.
533a62f1f8e0052145c4e4a3cc6e36248076593a3246e51e8c573ba2c3b42ec6
Backdoor.Win32.Agent.oj malware suffers from a code execution vulnerability.
8faeac759a05bb08486eda151fb354844f5f6baa709ab533fa8a32f7f70b7ef7
Microsoft Windows can dupe users into trusting executables with DLL hijacking and privilege escalation issues.
cb269dbc3308c3e9fbe0001388d76caee981689af8bcb73404441bdd457de392
Backdoor.Win32.Agent.oj malware suffers from a buffer overflow vulnerability.
8c8a79c42d3684955728d6f7686bdbb095f8f13153149e1a27e1a6280de557d0
Moodle version 3.6.1 suffers from a persistent cross site scripting vulnerability.
10b48eb14b6ab75c6cca96bf82b5960e18db998f04cd97bf856e58bca99bcedf
Backdoor.Win32.Agent.kte malware suffers from a buffer overflow vulnerability.
a7887dce90da6a772b91c0867e50b61c4a1907fe63ed8b6931a5095b5e2c1906
Backdoor.Win32.Agent.gmug malware suffers from a heap corruption vulnerability.
88399c2d9a4a3ecb689286c86845703121ea80b4bbcb96466285c0b81ea351ea
GNU wget versions prior to 1.1.8 arbitrary file upload and code execution exploit.
9eb9c61465681cef828940670f5a66c10bc60e1ed0055a7bd92271cfbcee572f
Backdoor.Win32.Agent.ggw malware suffers from a bypass vulnerability.
c52bcc6a9c74baab8584f1ee937aab5d3bc4311b75c55a5c5958da7c12fb02b7
Worm.Win32.Delf.hu malware suffers from an insecure permissions vulnerability.
6abbcbb6c16e555127af6d381336bf0beab2d7cb1f78f22cd669c983a5c78385
HEUR.Trojan.Win32.Bayrob.gen malware suffers from an insecure permissions vulnerability.
2f480d1b3c8516a6a6b58a12b785d20764d12fcc0e8ea1277b9aadf1006ce7e6
A new SAFER bypass was discovered that affects older versions of windows.
af2bc8f393023dfcfdbaf3b86d4f45468c9560916410eab2deed331e64585960
NodeBB Emoji plugin version 3.2.1 suffers from an arbitrary file write vulnerability.
b8efb1e731fd411b0d82d14ee601854ed4c4affe7d5760b5648cf818e59afbaa
Cacti version 1.2.12 remote code execution exploit that leverages a remote SQL vulnerability.
5599594befaf80c893938a8659f1ac8a0b62ce19e5b98e608838251275c379bd
Fog Project version 1.5.9 suffers from a remote shell upload vulnerability.
7e8cccd3841e142272092a1936ee9f391365414d6ca4534f3ca93844e16d8c1b
PFSense version 2.5.0 suffers from a persistent cross site scripting vulnerability.
02b3a89e00b1d86a0f7404761e5aeb0f3dd4630b2ce7e4c2b07ba93c7ea691c7
Android suffers from an out-of-bounds write in the NFC stack when handling MIFARE Classic TLVs.
95f7586d9c9572c817ae465d9365cac1a950277dfa2d9ddeb3aefcc41ac59f17
Backdoor.Win32.Agent.afq malware suffers from a heap corruption vulnerability.
f46ad9d6ff8413bc6b571690fc3661a3308a61b6a2b3b6ba4da2b61e6ce40019
Backdoor.Win32.Agent.afq malware suffers from a directory traversal vulnerability.
c61586efd542ab899a2ca890fdb49d1bd00571af2de1dcbeacaa29cef23b2fdf
Release functionality on GitHub.com allows modification of assets within a release by any project collaborator. This can occur after the release is published, and without notification or audit logging accessible in the UI to either the project owners or the public.
a9d09c7f970e183298b90b8052e3412ba79d05b1448bd2d0c9c5ff3dfc4ead5b
Backdoor.Win32.Agent.afq malware suffers from a missing authentication vulnerability.
66a256be78a2b1d91b956393409c7f0a32d982b983ecafe35a22a1891897363b