This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using the "restore configuration" feature to upload a zip file containing a path traversal file which is a dll called ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll. This causes the file C:\Windows\System32\wbem\wbemcomn.dll to be created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was located. A username is also required for signature authentication. A custom DLL can be provided to use in the exploit instead of using the default MSF-generated one.
138c45447c1d3fa090b4666327e202412f377f34d7873c3c578299783f2b2a43This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2. Some offsets adjustment will probably be needed to make it work with other versions.
3e3f414d0ec3165e352b2624a3e784100a79ab838c827536fa557daa6cf4b2b8I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
249b35c1e061e194ee18048b0644cc5e2c5cf785ffce655e3124eb959dc189ffLogwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
5eb42d983a9667003368b572149fce788c0d7e13daaf1f28ad1bf3a140b865cfCollateral Damage is a kernel exploit for Xbox SystemOS using CVE-2024-30088. It targets Xbox One and Xbox Series consoles running kernel versions 25398.4478, 25398.4908, and 25398.4909. The initial entrypoint is via the Game Script UWP application.
37f647ed1a6f781f4be32182919dbb9877f42dbd8d26a16f662f280d73a0ade5Ubuntu Security Notice 6903-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Ronald Crane discovered that Thunderbird did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service.
ef4b61c19ba1cf89ba89cd01bfc4d81fcf08875ddab9da8ccaa5a0275782a54cAdobe Commerce and Magento Open Source are affected by an XML injection vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction. Versions Affected include Adobe Commerce and Magento Open Source 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier. This exploit uses the arbitrary file reading aspect of the issue to impersonate a user.
6dc2631d3032a832f090c548531e8b8f77ef41c5778c811973c0342b99b373e0Xhibiter NFT Marketplace version 1.10.2 suffers from a cross site scripting vulnerability.
a7a598cb46f77d150039a39dbd055a562324f7c75d337f3dfdd9ed322b34d82ceStore CMS version 2.0 suffers from a remote SQL injection vulnerability.
de369a0ae5b5244b3ab433e9d7d07ec19ac008a8083d31f1bf7a032e4ffa3c9bClenix version 1.0 suffers from an insecure direct object reference vulnerability.
c8cfbe1e1565830e6a6d2555376f8475ad918a45655a551c1e92d3dbe0868c58Candy Redis version 2.1.2 appears to suffer from an administrative page disclosure issue.
a69f6d9ff9e980b9fb601fdda46e646f965883d799286eaeb71003e83fe8c43dAgop CMS version 1.0 suffers from an insecure direct object reference vulnerability.
1ed22de09e417dcaed8d9f03d8d62abd6b70fc4587552e70a4bdbce253d3011bRed Hat Security Advisory 2024-4673-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
6aaa85cf49f4c6acb05f34b57097bbd5a3f155e564d6265c5cc764ab31e67ca8Red Hat Security Advisory 2024-4672-03 - An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a memory leak vulnerability.
262933c57231b7330035e4eca71b393a1ac52396ac5bb487c5e5d4e0b200812aRed Hat Security Advisory 2024-4671-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
34bc02dd6d5408a06546e0dfa81436a698aab33ee9094c269c7f312753426b66Red Hat Security Advisory 2024-4670-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
cb4da693cd813fbfea840f1037a61900575e092b94a7240c5370624aad9e5639Red Hat Security Advisory 2024-4646-03 - An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
8f4ae04d11702a098dd4c6342951f57fac353b206fbc08c46f1c56998aad8992Red Hat Security Advisory 2024-4645-03 - An update for qt5-qtbase is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
7a27b029169b1905bd814a1572765f4bd9cd5ffcf7c9ad85caf21cc0122aab9eRed Hat Security Advisory 2024-4642-03 - An update for libndp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
a7e9b094503f1c664febcbe3fe1f2e9e25fd034c9caaa4719a280737fd76d380
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed