Lucene search
K

34 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.154 views

ManageEngine - Remote Command Execution

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...

9.8CVSS9.4AI score0.99753EPSS
Exploits15References5
Rapid7 Blog
Rapid7 Blog
added 2024/03/08 5:0 p.m.91 views

Metasploit Wrap-Up 03/08/2024

New module content 2 GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: 18821 contributed by n00bhaxor Path: gather/gitlabtagsrssfeedemaildisclosure AttackerKB reference: CVE-2023-5612 Description: This adds an auxiliary module that leverages an...

7.5CVSS6AI score0.99753EPSS
Exploits27
Rapid7 Blog
Rapid7 Blog
added 2024/01/12 9:25 p.m.44 views

Metasploit Weekly Wrap-Up 01/12/24

New module content 1 Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor Author: Pasquale 'sid' Fiorillo Type: Post Pull request: 18604 contributed by siddolo Path: windows/gather/credentials/winboxsettings Description: This pull request introduces a new post module to extract th...

7.5CVSS7.3AI score0.99753EPSS
Exploits15
The Hacker News
The Hacker News
added 2023/09/08 5:36 a.m.88 views

CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems...

10CVSS10.1AI score0.99999EPSS
Exploits377
ICS
ICS
added 2023/09/07 12:0 p.m.88 views

Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

Actions to take today to mitigate malicious cyber activity: 1. Patch all systems for known exploited vulnerabilities KEVs, including firewall security appliances. 2. Monitor for unauthorized use of remote access software using endpoint detection tools. 3. Remove unnecessary disabled accounts and...

10CVSS10AI score0.99999EPSS
Exploits377References152
Talos Blog
Talos Blog
added 2023/08/24 12:2 p.m.95 views

Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT

Cisco Talos discovered the North Korean state-sponsored actor Lazarus Group targeting internet backbone infrastructure and healthcare entities in Europe and the United States. This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same...

7.5CVSS10AI score0.99753EPSS
Exploits15
The Hacker News
The Hacker News
added 2023/05/25 10:40 a.m.280 views

Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code

The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool,...

9.8CVSS9.9AI score0.99999EPSS
Exploits44
The Hacker News
The Hacker News
added 2023/02/23 3:2 p.m.95 views

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 CVSS score: 9.8, the remote code execution flaw allows a complete takeover of the...

9.8CVSS1.6AI score0.99753EPSS
Exploits15
Tenable Nessus
Tenable Nessus
added 2023/02/21 12:0 a.m.74 views

ManageEngine Access Manager Plus Unauthenticated RCE (CVE-2022-47966)

Binary data manageengineaccessmanagerpluscve-2022-47966.nbin...

9.8CVSS9.2AI score0.99753EPSS
Exploits15References4
Saint
Saint
added 2023/02/17 12:0 a.m.225 views

Zoho ManageEngine ServiceDesk Plus SAMLResponse command execution

Added: 02/17/2023 Background Zoho ManageEngine ServiceDesk Plus is IT helpdesk software. Problem A vulnerability in an outdated Apache Santuario library in ServiceDesk Plus allows a remote, unauthenticated attacker to execute arbitrary commands by sending a specially crafted SAMLResponse paramete...

9.8CVSS10AI score0.99753EPSS
Exploits15
0day.today
0day.today
added 2023/02/13 12:0 a.m.335 views

Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute...

9.8CVSS9.9AI score0.99753EPSS
Exploits15
Rapid7 Blog
Rapid7 Blog
added 2023/02/10 7:39 p.m.96 views

Metasploit Weekly Wrap-Up

Taking a stroll down memory lane Tomcat Init Script Privilege Escalation Do you remember the issue with Tomcat init script that was originally discovered by Dawid Golunski back in 2016 that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by...

9CVSS0.3AI score0.99999EPSS
Exploits48
Tenable Nessus
Tenable Nessus
added 2023/02/10 12:0 a.m.207 views

ManageEngine ServiceDesk Plus MSP Unauthenticated RCE (CVE-2022-47966)

Binary data manageengineservicedeskmspcve-2022-47966.nbin...

9.8CVSS9.2AI score0.99753EPSS
Exploits15References3
Metasploit
Metasploit
added 2023/02/09 7:52 p.m.272 views

ManageEngine Endpoint Central Unauthenticated SAML RCE

This exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by...

9.8CVSS9.7AI score0.99753EPSS
Exploits15
Packet Storm
Packet Storm
added 2023/02/09 12:0 a.m.711 views

Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Endpoint Central Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerability...

9.8CVSS0.3AI score0.99753EPSS
Exploits15
Packet Storm
Packet Storm
added 2023/02/08 12:0 a.m.378 views

ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerabilit...

9.8CVSS0.7AI score0.99753EPSS
Exploits15
Metasploit
Metasploit
added 2023/02/07 7:49 p.m.352 views

ManageEngine ServiceDesk Plus Unauthenticated SAML RCE

This exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by providing a crafted...

9.8CVSS9.7AI score0.99753EPSS
Exploits15
0day.today
0day.today
added 2023/02/07 12:0 a.m.396 views

Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by...

9.8CVSS10AI score0.99753EPSS
Exploits15
Packet Storm
Packet Storm
added 2023/02/07 12:0 a.m.425 views

Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ServiceDesk Plus Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerability...

9.8CVSS0.5AI score0.99753EPSS
Exploits15
Tenable Nessus
Tenable Nessus
added 2023/02/07 12:0 a.m.38 views

ManageEngine ServiceDesk Plus Unauthenticated RCE (CVE-2022-47966)

Binary data manageengineservicedeskcve-2022-47966.nbin...

9.8CVSS9.2AI score0.99753EPSS
Exploits15References2
Rows per page
Query Builder