6 matches found
Metasploit Weekly Wrap-Up 07/26/2024
New module content 3 Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: 19304 contributed by heyder Path: gather/magentoxxecve202434102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which resul...
Softing Secure Integration Server 1.22 Remote Code Execution Exploit
This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using t...
Softing Secure Integration Server 1.22 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zip' require 'metasploit/framework/loginscanner/softingsis' class MetasploitModule 'Softing Secure Integration Server v1.22 Remote Code Execution', 'Description...
CVE-2022-1373
creationtimestamp| type| source ---|---|--- 2022-08-18 00:40:43+00:00| seen| https://t.me/cibsecurity/48303 2024-07-19 17:55:31+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/softingsisrce.rb 2025-02-06 03:13:45+00:00| seen|...
CVE-2022-1373
CVE-2022-1373 affects Softing Secure Integration Server v1.22 and is a directory traversal flaw in the “restore configuration” feature when processing ZIPs, enabling an attacker to load an arbitrary DLL and execute code. The Metasploit entry documents a chained exploit with CVE-2022-2334, where a...
CVE-2022-1373 Softing Secure Integration Server Relative Path Traversal
The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file...