Lucene search
K

6 matches found

Rapid7 Blog
Rapid7 Blog
added 2024/07/26 6:7 p.m.42 views

Metasploit Weekly Wrap-Up 07/26/2024

New module content 3 Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: 19304 contributed by heyder Path: gather/magentoxxecve202434102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which resul...

9.8CVSS8.3AI score0.99994EPSS
Exploits35
0day.today
0day.today
added 2024/07/22 12:0 a.m.448 views

Softing Secure Integration Server 1.22 Remote Code Execution Exploit

This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using t...

7.2CVSS8.2AI score0.10229EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/07/22 12:0 a.m.252 views

Softing Secure Integration Server 1.22 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zip' require 'metasploit/framework/loginscanner/softingsis' class MetasploitModule 'Softing Secure Integration Server v1.22 Remote Code Execution', 'Description...

7.2CVSS7.4AI score0.10229EPSS
Exploits3
Circl
Circl
added 2022/08/18 12:40 a.m.36 views

CVE-2022-1373

creationtimestamp| type| source ---|---|--- 2022-08-18 00:40:43+00:00| seen| https://t.me/cibsecurity/48303 2024-07-19 17:55:31+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/softingsisrce.rb 2025-02-06 03:13:45+00:00| seen|...

7.2CVSS6.9AI score0.10229EPSS
Exploits3References3
CVE
CVE
added 2022/08/17 8:10 p.m.73 views

CVE-2022-1373

CVE-2022-1373 affects Softing Secure Integration Server v1.22 and is a directory traversal flaw in the “restore configuration” feature when processing ZIPs, enabling an attacker to load an arbitrary DLL and execute code. The Metasploit entry documents a chained exploit with CVE-2022-2334, where a...

7.2CVSS7.2AI score0.10229EPSS
Exploits3References2Affected Software6
Vulnrichment
Vulnrichment
added 2022/08/17 8:10 p.m.6 views

CVE-2022-1373 Softing Secure Integration Server Relative Path Traversal

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file...

7.2CVSS7.1AI score0.10229EPSS
Exploits3References2
Rows per page
Query Builder