7 matches found
CVE-2022-2334
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22...
Metasploit Weekly Wrap-Up 07/26/2024
New module content 3 Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: 19304 contributed by heyder Path: gather/magentoxxecve202434102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which resul...
Softing Secure Integration Server 1.22 Remote Code Execution Exploit
This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using t...
Softing Secure Integration Server 1.22 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zip' require 'metasploit/framework/loginscanner/softingsis' class MetasploitModule 'Softing Secure Integration Server v1.22 Remote Code Execution', 'Description...
CVE-2022-2334
creationtimestamp| type| source ---|---|--- 2022-08-18 00:40:49+00:00| seen| https://t.me/cibsecurity/48309 2024-07-19 17:55:31+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/softingsisrce.rb 2025-02-06 03:13:45+00:00| seen|...
CVE-2022-2334 Softing Secure Integration Server Uncontrolled Search Path Element
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22...
CVE-2022-2334
CVE-2022-2334 affects Softing Secure Integration Server v1.22 and relates to an uncontrolled search path element: an attacker can place a DLL (notably wbemcomn.dll) that the server loads, enabling arbitrary code execution when the service restarts after a restore/config change. The vulnerability ...