Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

October 1, 2022 update – Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. We also removed a section on MFA as a mitigation, which was included in a prior version of this blog as standard guidance...

CVE-2022-40878

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution RCE...

CVE-2022-40878

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution RCE...

Remote code execution

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution RCE...

CVE-2022-40878

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution RCE...

PT-2022-25602 · Unknown · Exam Reviewer Management System

Name of the Vulnerable Software and Affected Versions: Exam Reviewer Management System version 1.0 Description: The issue allows an authenticated attacker to upload a web-shell php file in the profile page, resulting in Remote Code Execution RCE. Recommendations: For Exam Reviewer Management Syst...

Gas Agency Management 2022 SQL Injection / XSS / Shell Upload Vulnerabilities

Gas Agency Management 2022 suffers from cross site scripting, remote SQL injection, and remote shell upload vulnerabilities. Title: Gas Agency Management-2022 by Mayuri K - SQLi+FU-RCE+XSS Author: nu11secur1ty Vendor Homepage: https://www.mayurik.com/downloadsection Software Link-0:...

Gas Agency Management 2022 SQL Injection / XSS / Shell Upload

Title: Gas Agency Management-2022 by Mayuri K - SQLi+FU-RCE+XSS Author: nu11secur1ty Date: 08.12.2022 Vendor Homepage: https://www.mayurik.com/downloadsection Software Link-0: https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html Software...

[updated] Thousands of Zimbra mail servers backdoored in large scale attack

Researchers at Volexity have discovered that a known vulnerability has been used in a large scale attack against Zimbra Collaboration Suite ZCS email servers. But the vulnerability was supposed to be hard to exploit since it required authentication. So they decided to dig deeper. An incomplete fi...

PHP Zerodium Backdoor

An attacker might upload a web shell backdoor to a PHP server via zerodium prefix. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access

Threat actors are increasingly abusing Internet Information Services IIS extensions to backdoor servers as a means of establishing a "durable persistence mechanism." That's according to a new warning from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to...

Malicious IIS extensions quietly open persistent backdoors into servers

Attackers are increasingly leveraging Internet Information Services IIS extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little...

Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload

The plugin allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations. 1. Craft a custom zip file...

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system,...

CVE-2022-31087

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php and .php5/.php4/.phpt/etc files. An attacker capable of writing...

DEBIAN-CVE-2022-31087

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php and .php5/.php4/.phpt/etc files. An attacker capable of writing...

UBUNTU-CVE-2022-31087

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php and .php5/.php4/.phpt/etc files. An attacker capable of writing...

CVE-2022-31087 Incorrect Default Permissions in ldap-account-manager

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php and .php5/.php4/.phpt/etc files. An attacker capable of writing...

CVE-2022-31087

CVE-2022-31087 affects LDAP Account Manager (LAM). The underlying issue is that in versions prior to 8.0 the tmp directory under /lam/tmp/ is capable of interpreting PHP files, enabling a writer with www-data privileges to place a web shell and achieve code execution on the host. The accepted rem...

LDAP Account Manager 注入漏洞

LDAP Account Manager is a web front-end for managing entries in stored LDAP directories e.g., users, groups, DHCP settings. versions prior to LDAP Account Manager 8.0 contain an injection vulnerability that could be exploited by an attacker to write a web-shell to the /lam/tmp/ directory and gain...