Lucene search
+L

16 matches found

packetstorm
packetstorm
added 2024/10/18 12:0 a.m.538 views

Magento / Adobe Commerce Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CosmicSting: Magento Arbitrary File Read CVE-2024-34102 + PHP Buffer Overflow in the iconv function of glibc CVE-2024-2961', 'Description' = %q...

9.8CVSS7.6AI score0.99994EPSS
Exploits38
thn
thn
added 2024/10/02 12:13 p.m.40 views

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 CVSS score: 9.8, the critical flaw relates to an improper restriction of XML external...

9.8CVSS8.2AI score0.99994EPSS
Exploits38
githubexploit
githubexploit
added 2024/08/13 7:33 a.m.592 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CVE-2024-34102 ★ Thanks to @th3gokul, Sanjaith3hacker, Chocapi...

9.8CVSS8AI score0.99994EPSS
Exploits26
rapid7blog
rapid7blog
added 2024/07/26 6:7 p.m.42 views

Metasploit Weekly Wrap-Up 07/26/2024

New module content 3 Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: 19304 contributed by heyder Path: gather/magentoxxecve202434102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which resul...

9.8CVSS8.3AI score0.99994EPSS
Exploits35
metasploit
metasploit
added 2024/07/18 7:53 p.m.429 views

Magento XXE Unserialize Arbitrary File Read

This module exploits a XXE vulnerability in Magento 2.4.7-p1 and below which allows an attacker to read any file on the system. Module Options msf use auxiliary/gather/magentoxxecve202434102 msf auxiliarymagentoxxecve202434102 show actions ...actions... msf auxiliarymagentoxxecve202434102 set...

9.8CVSS6.9AI score0.99994EPSS
Exploits26
thn
thn
added 2024/07/18 6:1 a.m.67 views

Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager

Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem Cisco SSM On-Prem that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked...

10CVSS10AI score0.99994EPSS
Exploits39
githubexploit
githubexploit
added 2024/07/13 10:25 a.m.356 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

Cosmic Sting: CVE-2024-34102 Exploiter Cosmic Sting is a Go-b...

9.8CVSS9.8AI score0.99994EPSS
Exploits26
githubexploit
githubexploit
added 2024/07/07 11:35 p.m.314 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

A Cosmicsting POC...

9.8CVSS10AI score0.99994EPSS
Exploits26
githubexploit
githubexploit
added 2024/07/01 8:19 a.m.499 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CosmicSting: critical unauthenticated XXE vulnerability in Ado...

9.8CVSS10AI score0.99994EPSS
Exploits38
ncsc
ncsc
added 2024/07/01 7:10 a.m.10 views

Vulnerabilities fixed in Adobe Commerce

Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code, possibly with administrator privileges. Proof-of-Concept code PoC has been published for the vulnerability with reference...

9.8CVSS9.6AI score0.99994EPSS
Exploits26References1
githubexploit
githubexploit
added 2024/06/30 4:49 p.m.609 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CVE-2024-34102 Usage bash python3 CVE-2024-34102.py...

9.8CVSS9.6AI score0.99994EPSS
Exploits26
githubexploit
githubexploit
added 2024/06/28 11:33 p.m.443 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

🚨 CVE-2024-34102 Exploit Script 🚨 Description This script...

9.8CVSS8.1AI score0.99994EPSS
Exploits26
githubexploit
githubexploit
added 2024/06/27 9:57 p.m.827 views

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CVE-2024-34102 POC for CVE-2024-34102. A pre-authentication XM...

9.8CVSS9.4AI score0.99994EPSS
Exploits26
circl
circl
added 2024/06/13 10:26 a.m.11 views

CVE-2024-34102

creationtimestamp| type| source ---|---|--- 2024-06-13 10:26:36+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus16/2024 2024-06-21 14:20:32+00:00| published-proof-of-concept| https://t.me/HackingInsights/3235 2024-06-21 18:35:05+00:00| seen| https://t.me/truesecator/5886...

9.8CVSS7.1AI score0.99994EPSS
Exploits26References89
cvelist
cvelist
added 2024/06/13 9:4 a.m.69 views

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS0.99994EPSS
Exploits26References2
vulnrichment
vulnrichment
added 2024/06/13 9:4 a.m.122 views

CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...

9.8CVSS7.4AI score0.99994EPSS
Exploits26References2
Rows per page
Query Builder