34 matches found
ManageEngine - Remote Command Execution
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...
Metasploit Wrap-Up 03/08/2024
New module content 2 GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: 18821 contributed by n00bhaxor Path: gather/gitlabtagsrssfeedemaildisclosure AttackerKB reference: CVE-2023-5612 Description: This adds an auxiliary module that leverages an...
Metasploit Weekly Wrap-Up 01/12/24
New module content 1 Windows Gather Mikrotik Winbox "Keep Password" Credentials Extractor Author: Pasquale 'sid' Fiorillo Type: Post Pull request: 18604 contributed by siddolo Path: windows/gather/credentials/winboxsettings Description: This pull request introduces a new post module to extract th...
CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems...
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
Actions to take today to mitigate malicious cyber activity: 1. Patch all systems for known exploited vulnerabilities KEVs, including firewall security appliances. 2. Monitor for unauthorized use of remote access software using endpoint detection tools. 3. Remove unnecessary disabled accounts and...
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
Cisco Talos discovered the North Korean state-sponsored actor Lazarus Group targeting internet backbone infrastructure and healthcare entities in Europe and the United States. This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same...
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code
The threat actors behind the nascent Buhti ransomware have eschewed their custom payload in favor of leaked LockBit and Babuk ransomware families to strike Windows and Linux systems. "While the group doesn't develop its own ransomware, it does utilize what appears to be one custom-developed tool,...
Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products
Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 CVSS score: 9.8, the remote code execution flaw allows a complete takeover of the...
ManageEngine Access Manager Plus Unauthenticated RCE (CVE-2022-47966)
Binary data manageengineaccessmanagerpluscve-2022-47966.nbin...
Zoho ManageEngine ServiceDesk Plus SAMLResponse command execution
Added: 02/17/2023 Background Zoho ManageEngine ServiceDesk Plus is IT helpdesk software. Problem A vulnerability in an outdated Apache Santuario library in ServiceDesk Plus allows a remote, unauthenticated attacker to execute arbitrary commands by sending a specially crafted SAMLResponse paramete...
Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute...
Metasploit Weekly Wrap-Up
Taking a stroll down memory lane Tomcat Init Script Privilege Escalation Do you remember the issue with Tomcat init script that was originally discovered by Dawid Golunski back in 2016 that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by...
ManageEngine ServiceDesk Plus MSP Unauthenticated RCE (CVE-2022-47966)
Binary data manageengineservicedeskmspcve-2022-47966.nbin...
ManageEngine Endpoint Central Unauthenticated SAML RCE
This exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by...
Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Endpoint Central Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerability...
ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADSelfService Plus Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerabilit...
ManageEngine ServiceDesk Plus Unauthenticated SAML RCE
This exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by providing a crafted...
Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by...
Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ServiceDesk Plus Unauthenticated SAML RCE', 'Description' = %q This exploits an unauthenticated remote code execution vulnerability...
ManageEngine ServiceDesk Plus Unauthenticated RCE (CVE-2022-47966)
Binary data manageengineservicedeskcve-2022-47966.nbin...