Lucene search
K

29 matches found

Rapid7 Blog
Rapid7 Blog
added 2022/06/09 4:39 p.m.474 views

Announcing Metasploit 6.2

Metasploit 6.2.0 has been released, marking another milestone that includes new modules, features, improvements, and bug fixes. Since Metasploit 6.1.0 August 2021 until the latest Metasploit 6.2.0 release we’ve added: 138 new modules 148 enhancements and features 156 bug fixes Top modules Each...

10CVSS0.99999EPSS
Exploits570
GithubExploit
GithubExploit
added 2022/06/03 9:17 a.m.374 views

Exploit for Code Injection in Vmware Identity_Manager

CVE-2022-22954 PoC VMware Workspace ONE Access and Identity M...

10CVSS9.9AI score0.99997EPSS
Exploits25
GithubExploit
GithubExploit
added 2022/06/03 8:51 a.m.287 views

Exploit for Code Injection in Vmware Identity_Manager

CVE-2022-22954 PoC VMware Workspace ONE Access and Identity M...

10CVSS9.9AI score0.99997EPSS
Exploits25
GithubExploit
GithubExploit
added 2022/06/01 7:33 p.m.99 views

Exploit for Code Injection in Vmware Identity_Manager

CVE-2022-22954 PoC VMware Workspace ONE Access and Identity M...

10CVSS9.3AI score0.99997EPSS
Exploits32
hivepro
hivepro
added 2022/05/19 2:34 p.m.72 views

Vulnerabilities in VMware when chained together grants Full System Control

Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Cybersecurity and Infrastructure Security Agency CISA has issued a warning to organizations about malicious actors using CVE-2022-22954 and CVE-2022-22960. This alert was published following the...

10CVSS1.2AI score0.99997EPSS
Exploits34
Malwarebytes
Malwarebytes
added 2022/05/19 12:42 p.m.139 views

VMWare vulnerabilities are actively being exploited, CISA warns

The Cybersecurity & Infrastructure Security Agency has issued an Emergency Directive ED 22-03 and released a Cybersecurity Advisory CSA about ongoing, and expected exploitation of multiple vulnerabilities in several VMware products. Chaining unpatched VMware vulnerabilities The title of the...

10CVSS10AI score0.99997EPSS
Exploits34
ThreatPost
ThreatPost
added 2022/05/18 1:54 p.m.161 views

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

Recently reported VMware bugs are being used by hackers who are focused on using them to deliver Mirai denial-of-service malware and exploit the Log4Shell vulnerability. Security researchers at Barracuda discovered that attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and...

10CVSS10AI score0.99999EPSS
Exploits385References7
Rapid7 Blog
Rapid7 Blog
added 2022/05/06 5:56 p.m.1701 views

Metasploit Wrap-Up

VMware Workspace ONE Access RCE Community contributor wvu has developed a new Metasploit Module which exploits CVE-2022-22954, an unauthenticated server-side template injection SSTI in VMware Workspace ONE Access, to execute shell commands as the ‘horizon’ user. This module has a CVSSv3 base scor...

10CVSS0.3AI score0.99999EPSS
Exploits53
0day.today
0day.today
added 2022/05/04 12:0 a.m.414 views

VMware Workspace ONE Access Template Injection / Command Execution Exploit

This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection SSTI vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS0.6AI score0.99997EPSS
Exploits25
Metasploit
Metasploit
added 2022/05/03 5:42 p.m.289 views

VMware Workspace ONE Access CVE-2022-22954

This module exploits CVE-2022-22954, an unauthenticated server-side template injection SSTI in VMware Workspace ONE Access, to execute shell commands as the "horizon" user. Module Options msf use exploit/linux/http/vmwareworkspaceoneaccesscve202222954 msf exploitvmwareworkspaceoneaccesscve2022229...

10CVSS10AI score0.99997EPSS
Exploits25
Packet Storm
Packet Storm
added 2022/05/03 12:0 a.m.301 views

VMware Workspace ONE Access Template Injection / Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access CVE-2022-22954', 'Description' = %q This module exploits CVE-2022-22954, an unauthenticated server-side template...

10CVSS0.8AI score0.99997EPSS
Exploits25
Rapid7 Blog
Rapid7 Blog
added 2022/04/29 1:25 p.m.2401 views

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

On April 6, 2022, VMware published VMSA-2022-0011, which detailed multiple security vulnerabilities. The most severe of these is CVE-2022-22954, a critical remote code execution vulnerability affecting VMware’s Workspace ONE Access and Identity Manager solutions. The vulnerability arises from a...

10CVSS0.4AI score0.99999EPSS
Exploits385
Check Point Advisories
Check Point Advisories
added 2022/04/27 12:0 a.m.14 views

VMware Workspace Remote Code Execution (CVE-2022-22954)

A remote code execution vulnerability exists in VMware Workspace. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS6AI score0.99997EPSS
Exploits25
Tenable Nessus
Tenable Nessus
added 2022/04/25 12:0 a.m.126 views

VMware Workspace One Access / VMware Identity Manager Server-side Template Injection RCE (CVE-2022-22954)

Binary data vmwareworkspaceoneaccesscve-2022-22954.nbin...

10CVSS10AI score0.99997EPSS
Exploits25References4
hivepro
hivepro
added 2022/04/18 1:6 p.m.137 views

Two actively exploited vulnerabilities affect multiple VMware products

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Multiple vulnerabilities have been discovered in VMware products. Two of these have been exploited in the wild. The first zero-day vulnerability, CVE-2022-22954, is a server-side template injection flaw. An attacker could...

10CVSS1.4AI score0.99997EPSS
Exploits32
GithubExploit
GithubExploit
added 2022/04/15 7:26 p.m.520 views

Exploit for Code Injection in Vmware Identity_Manager

CVE-2022-22954 CVE-2022-22954 VMware Workspace ONE Access free...

10CVSS10AI score0.99997EPSS
Exploits25
GithubExploit
GithubExploit
added 2022/04/14 11:38 p.m.411 views

Exploit for Code Injection in Vmware Identity_Manager

VMware-CVE-2022-22954-Command-Injector Proof of Concept for e...

10CVSS9.9AI score0.99997EPSS
Exploits25
The Hacker News
The Hacker News
added 2022/04/14 4:31 a.m.75 views

Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the security shortcoming relates to a remote code execution vulnerability...

10CVSS2AI score0.99997EPSS
Exploits25
GithubExploit
GithubExploit
added 2022/04/13 4:18 p.m.506 views

Exploit for Code Injection in Vmware Identity_Manager

!CVE-2022-22954https://socialify.git.ci/bewhale/CVE-2022-2295...

10CVSS7.5AI score0.99997EPSS
Exploits25
GithubExploit
GithubExploit
added 2022/04/13 8:52 a.m.362 views

Exploit for Code Injection in Vmware Identity_Manager

CVE-2022-22954 PoC VMware Workspace ONE Access and Identity M...

10CVSS9.9AI score0.99997EPSS
Exploits25
Rows per page
Query Builder