This archive contains all of the 88 exploits added to Packet Storm in October, 2022.
c21b38d9d78edc23f247def809698cb8d90a9dc7b607e5439052b9721f209a48The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.
9fd49ad2d42596cc152f6771bcdd491b37e2986a01a0b0cdb2f997469ee1fdecSimple Cold Storage Management System version 1.0 suffers from a remote SQL injection vulnerability.
fb5d717ac9eec8802533869820e2477f518070b4c89dbd42ffbacdd6ba37b3e3Train Scheduler App version 1.0 suffers from an insecure direct object reference vulnerability.
35e0aca5c12fde1a197fcd41a91aeee4b905c913ce48905a08acc0913c03bbe7In wolfSSL versions prior to 5.5.1, malicious clients can cause a buffer overflow during a resumed TLS 1.3 handshake. If an attacker resumes a previous TLS session by sending a maliciously crafted Client Hello, followed by another maliciously crafted Client Hello. In total 2 Client Hellos have to be sent. One which pretends to resume a previous session and a second one as a response to a Hello Retry Request message.
dc47311c0e4409688cd698016d1b6ec4010bff4dbccd63241e107b8a91774b58Ecommerce CodeIgniter Bootstrap version 1.0 suffers from a cross site scripting vulnerability.
8067f4fd81733f7b71a1c0e622616e9b01152a86d53a5b22251faef3ddc7b340APOLOGEE is a Python script and Metasploit module that enumerates a hidden directory on Siemens APOGEE PXC BACnet Automation Controllers and TALON TC BACnet Automation Controllers. With a 7.5 CVSS, this exploit allows for an attacker to perform an authentication bypass using an alternate path or channel to access hidden directories in the web server. All versions prior to 3.5 are affected.
9cdea8ef198269714420f4181480f5f779bae0a4ceba444e0d250e3b4071220aThis Metasploit module exploits a default Vagrant synced folder (shared folder) to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant directory on the guest virtual machine. This directory includes the project Vagrantfile configuration file. Ruby code within the Vagrantfile is loaded and executed when a user runs any vagrant command from the project directory on the host, leading to execution of Ruby code on the host.
4aa68ef0141c22e4e2be0cd50c642945c2afd7a94ea98ee68a6375e6bd398e81Dinstar FXO Analog VoIP Gateway version DAG2000-16O suffers from a persistent cross site scripting vulnerability.
97eaa1028dd6a201c66d40bfa6162f161c2586c5696100d18bc50025c51b3882ERP Sankhya versions 4.13.x and below suffer from a cross site scripting vulnerability.
1744ed67564a520b1a5d65928e4721a6bdd822c0125cd9c31ecb715595b6e46aThis Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command.
529159bd26d8ef9713fdda0560ec98c0fd7749d335736c9d27898c59fbf09efbZKTeco ZEM500-510-560-760, ZEM600-800, ZEM720, and ZMM suffer from a missing authentication vulnerability. Versions below 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210) are potentially affected.
36be41250a5b1d5ca0a21529a027fb68c33b74c1ab119ab9738787f47f4bdc75Backdoor.Win32.Psychward.10 malware suffers from an unauthenticated remote command execution vulnerability.
50c8d45b439f940960ae1c8f607103a266bf0e358d5a088cf19752880f976bdfEmail-Worm.Win32.Kipis.c malware suffers from a remote file write vulnerability that allows for remote code execution.
a928474123c62826be6937b0f16cc3bd810a092305c80c11b1dba87312f0d8bePega Platform versions 8.1.0 through 8.7.3 suffer from a remote code execution vulnerability. If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.
14f97e39b3b48a9075da1f6e66862a187e036b509ff25bfce33fb66bb645c604Backdoor.Win32.Delf.arh malware suffers from an authentication bypass vulnerability.
e5c413409b33c8c771245af2c651a2554e93871a2544df61fe5e997eedfd885bThis Metasploit module creates a .tar file that can be emailed to a Zimbra server to exploit CVE-2022-41352. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in the cpio command-line utility that can extract an arbitrary file to an arbitrary location on a Linux system (CVE-2015-1197). Most Linux distros have chosen not to fix it. This issue is exploitable on Red Hat-based systems (and other hosts without pax installed) running versions Zimbra Collaboration Suite 9.0.0 Patch 26 and below and Zimbra Collaboration Suite 8.8.15 Patch 33 and below.
ce92bc8cd0b896bbf1bbebcee5677a9a8619813aaba32b6be0cfc98fba18d5b5Chrome suffers from a heap use-after-free vulnerability in AccountSelectionBubbleView::OnAccountImageFetched.
58250b99dc0491f82cdc58424c569b8f9d2df212310a3407eb9441507e365641There is a vulnerability in Cisco Jabber that allows an attacker to send arbitrary XMPP stanzas (XMPP control messages) to another Cisco Jabber client, including XMPP stanzas that are normally sent only by the trusted server.
ed2115ba91caeae4b0245ae0141359b56fa7d27077ea7a8cb6d34c1aa2ad914cChrome suffers from a heap buffer overflow vulnerability in offline_items_collection::OfflineContentAggregator::OnItemRemoved.
a12649cc87b93dc4f1206b4520f0269c90067ff6042cf3fbf667a38af1956ab3This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorized_keys file of the chosen account, allowing you to login to the system with the chosen account. Successful exploitation results in remote code execution.
818eeb4d404c8cde2ab69451948a6037ca08bef60e2be65eb6fe9ed9d7ef0e7dThis Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell.
60ec0dcab5b58dbebac7ed6c99c5cf1fb52f76e5b1a5f3723089e823fc252948AVS Audio Converter version 10.3 suffers from a stack overflow vulnerability.
ec7347cd5f5d10a2cede7312e6e56ccaf9f1bf87ea591e7fb790a119da8b4db7MiniDVBLinux versions 5.4 and below suffer from an arbitrary file disclosure vulnerability.
69d96731d3c498b5f426e741af91e8e43bfa7a49c2a0925103aa5d80b98b0065WordPress Photo Gallery plugin version 1.8.0 suffers from a cross site scripting vulnerability.
840e13a4028153ee403a099b9ac40a4ad96f345c2e3249f313e1613d9523cfac
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed