This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled and executed by Sharepoint allowing attackers to remotely execute commands via the API.
3b1724367c87a328eb0a2106c305037f2a413ec6310fe39613f91e443e4e1a9cThis Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.
5a32fb78bdb52593a7f339d7321ec50570d8dc8998da3f4da0c0eaf663f73ac5A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.
769d2d7e8f18e8bd0ce142472f159825e87239bfc4426229f241a00de99425a0Ubuntu Security Notice 6718-1 - Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.
626a0b8a1438ccde6a1826653d3285d7f2a9a3cd644e2dfcfff06f2bc14e0f9dThis is toolset designed to help analyze, hunt, and classify malware using .NET metadata. The linked home page provides an overview of its use and purpose.
e2e99b42631e64db1283ccae1c91b162aa9eff70b8618d583e3f3a47272524f4Red Hat Security Advisory 2024-1533-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
c658185677135802db2ba020e70479b25e526033ddf4ea288605faedc8a49296Red Hat Security Advisory 2024-1532-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.
8cc838f6ef748a44660ee0af1d6a0ecdccb9b164104b147228a83cfd362a1daeRed Hat Security Advisory 2024-1530-03 - An update for expat is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
92c4cf26137a97b713c97c1dd226dd743abe0f5f36835f644e733b15005565c2Red Hat Security Advisory 2024-1522-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
e476ac13e1612204983ce0e813c01657a08006807d534915221fab891ff9d4b5Red Hat Security Advisory 2024-1518-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.2.
4139fe8722da9090b649b6c2e329d28e730741d7fd1766e8611ccc508a83a955Red Hat Security Advisory 2024-1516-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.1.
cca5a4488ff9b7699fd1a94c08ef52f1f53425aa624700fb9ed880aa369c470eRed Hat Security Advisory 2024-1515-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.
45eee7bd37815f0599ffab7431b61864e4766be1c41624e6d721caeaeb7496c5Red Hat Security Advisory 2024-1514-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.
34ea4d403a60633cb9370a1ff8d81dffa5acf36bc1ec0d896851414f6acb339dRed Hat Security Advisory 2024-1513-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
577fdd4565b7e22aa6febce304afd67759a42bc1246beef78957bfc619abd558Red Hat Security Advisory 2024-1512-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
b308b65b8e83a6ac793ca79e1c7506e791ad6ea5526abd6e56ca003ea6308710Red Hat Security Advisory 2024-1461-03 - Red Hat OpenShift Container Platform release 4.14.18 is now available with updates to packages and images that fix several bugs and add enhancements.
875efd49e2c9f39f96e0ab7b96c29b38dca432ed778b372a94bbfd11a69be01dRed Hat Security Advisory 2024-1458-03 - Red Hat OpenShift Container Platform release 4.14.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.
7a0151c80a85d152c9d9040e75203632a9286f02cafca6a401b093e08121249dRed Hat Security Advisory 2024-1456-03 - Red Hat OpenShift Container Platform release 4.13.38 is now available with updates to packages and images that fix several bugs and add enhancements.
8c608cef0cfe9a9292bafc8055a26fa309fc36d5ba56ed13250a9f831a8163efRed Hat Security Advisory 2024-1454-03 - Red Hat OpenShift Container Platform release 4.13.38 is now available with updates to packages and images that fix several bugs and add enhancements.
71bace167afcc96939c35c388f9fa93c27cfc6960e677ca356311fa3f9c29d5a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed