This archive contains all of the 68 exploits added to Packet Storm in July, 2022.
c40f5c1b549322f0f9faaf591fa292bd86ce6c07fd6393924b132354a134af3e
Transposh WordPress Translation versions 1.0.8.1 and below have a "save_transposh" action available at "/wp-admin/admin.php?page=tp_advanced" that does not properly validate the "Log file name", allowing an attacker with the "Administrator" role to specify a .php file as the log destination. Since the log file is stored directly within the "/wp-admin" directory, executing arbitrary PHP code is possible by simply sending a crafted request that gets logged.
8347827a18239dee9d623ea317bc7751b1e867031f7d4bbe6349594f42f4006f
Transposh WordPress Translation versions 1.0.8.1 and below have a "tp_editor" page at "/wp-admin/admin.php?page=tp_editor" that is vulnerable to two authenticated, blind SQL injections when user-supplied input to the HTTP GET parameters "order" and "orderby" is processed by the web application.
6ffce07022d6d645854345ed70ea8823b6aaf618f4db874a0b2b20afa74331a3
Transposh WordPress Translation versions 1.0.8.1 and below do not properly enforce authorization on functionality available on the plugin's "Utilities" page, leading to unauthorized access for all user roles, including "Subscriber".
af33faff2eac2d7e60b23a09b13a21e743b2acab343abb9a1ba1e8f3913a386d
Geonetwork versions 3.1.x through 4.2.0 suffer from an XML external entity injection vulnerability.
b6960c0b16c14d8c15e9fb95af349b9c0df4129ca1c1ec5012226c0cf1bf3a8b
Transposh WordPress Translation versions 1.0.8.1 and below have an ajax action called "tp_history" which is intended to return data about who has translated a text given by the "token" parameter. However, the plugin also returns the user's login name as part of the "user_login" attribute. Successful exploits can allow an unauthenticated attacker to leak the WordPress username of translators. If an anonymous user submitted the translation, then the user's IP address is returned.
9edfbd7e51dbf96c4ec365750f8acbdc5e0bcb40dfa07245a905258f418c9681
Crime Reporting System version 1.0 suffers from a persistent cross site scripting vulnerability.
134f7cc89e016dd40ec6f94be6c14e9a72f24e41d92ceac88aa2cd6916a78c10
Transposh WordPress Translation versions 1.0.8.1 and below suffer from cross site request forgery vulnerabilities.
00f492b81f8c36b3158ff92303a3ed9b8713a137b201a866100dd6430cd9a03c
rpc.py version 0.6.0 suffers from a remote code execution vulnerability.
33abea8f61fd6b17f12060c9cb706fdb9f1133ee39f527443f669393e2991229
Transposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options. One of these is the "Who can translate" setting under the "Settings" tab, which by default allows "Anonymous" users to add translations via the plugin's "tp_translation" ajax action. Successful exploits can allow an unauthenticated attacker to add translations to the WordPress site and thereby influence what is actually shown on the site.
c25e589bc0f339822e669aa5ee336af340896bf3579587f6ad8e5c6ae0691179
Dingtian-DT-R002 version 3.1.276A suffers from an authentication bypass vulnerability.
c4aafb04ab940ad8ed639d090f1cb3dab189b7a09aab3cd311715b6cd8f14560
Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_translation" which is available to authenticated or unauthenticated users (see CVE-2022-2461) and allows them to submit new translations. Translations submitted this way are shown on the Transposh administrative interface on the pages "tp_main" and "tp_editor". However, since the plugin does not properly validate and sanitize the submitted translation, arbitrary JavaScript code can be permanently injected and executed directly within the backend for all users visiting the page with roles of at least "Subscriber" and up to "Administrator".
484332c9e36ec88f8a190cc80119a1f22da60e0f49e9a327a7f7268bba597fb7
Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_tp" that is vulnerable to an unauthenticated/authenticated reflected cross site scripting vulnerability when user-supplied input to the HTTP GET parameter "q" is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code onto the same page.
126f6f0908b2d0af3788074669b78c52b992a1d268ad9fca40e951bf16e63e90
WordPress WP-UserOnline plugin versions 2.87.6 and below suffer from a persistent cross site scripting vulnerability.
f6801eabd968457a104d901ce64897fb4b492fbd508a10ad3532e3d5615da08a
Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
0e8f410ee7c0e0ebb79866fa6e7831932c94c07784f5823be2d5b028778e2249
Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d75b3ab8871f404b65b13fe82c8b4fbaec1f02123dfe8233f01f7fef75a37fe1
This Metasploit module exploits an unauthenticated command injection vulnerability in Roxy-WI versions prior to 6.1.1.0. Successful exploitation results in remote code execution under the context of the web server user. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers.
96d069f907bcd7cf304913bbed0abdeaec0d86467550d0c7535f3ee8826057d3
Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fe66c661132cc964be237a78b59c37dd33812105a69f943e40034432ba9e37b1
Garage Management System version 1.0 suffers from a remote shell upload vulnerability.
ab0ebb6c87eb34a7a0f252098e28dd19c540d7bd1bf348be3b734685516a5a76
Expert X Jobs Portal and Resume Builder version 1.0 suffers from a remote SQL injection vulnerability.
376564ceda2e198de8dceb8ed5116a678ef9962cb5cead849c271870ad95168e
PCProtect Endpoint version 5.17.470 fails to provide sufficient anti-tampering protection that can be leveraged to achieve SYSTEM privileges.
2d06bd74496b08a5700c2c8e026dcb7ac169ea6a7167829bfbda24a822742cfd
Patlite versions 1.45 and below suffer from a buffer overflow vulnerability.
5c29e3afa128083754b4bac9a8b929fac03751344f5c65c15f43df42fefcb136
Marty Marketplace Multi Vendor Ecommerce Script version 1.2 suffers from a remote SQL injection vulnerability.
de54243b67a1b9382ad0793900de4b162ce93e29eb5cc6a5a7eb97495e63a2b6
Backdoor.Win32.Eclipse.h malware suffers from a hardcoded credential vulnerability.
cb80773c5ec99bb1c8f84021a4d97f89b467aa36feac244444c08a628a4e0d51
Chrome has an issue where raw_ptr broke implicit scoped_refptr for receivers in base::Bind.
608734695dfbbf56d37a25c6b0e92ec571e720ac20c50496dd9608c3ee36b587