16 matches found
Magento / Adobe Commerce Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CosmicSting: Magento Arbitrary File Read CVE-2024-34102 + PHP Buffer Overflow in the iconv function of glibc CVE-2024-2961', 'Description' = %q...
Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 CVSS score: 9.8, the critical flaw relates to an improper restriction of XML external...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
CVE-2024-34102 ★ Thanks to @th3gokul, Sanjaith3hacker, Chocapi...
Metasploit Weekly Wrap-Up 07/26/2024
New module content 3 Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: 19304 contributed by heyder Path: gather/magentoxxecve202434102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which resul...
Magento XXE Unserialize Arbitrary File Read
This module exploits a XXE vulnerability in Magento 2.4.7-p1 and below which allows an attacker to read any file on the system. Module Options msf use auxiliary/gather/magentoxxecve202434102 msf auxiliarymagentoxxecve202434102 show actions ...actions... msf auxiliarymagentoxxecve202434102 set...
Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager
Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem Cisco SSM On-Prem that could enable a remote, unauthenticated attacker to change the password of any users, including those belonging to administrative users. The vulnerability, tracked...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
Cosmic Sting: CVE-2024-34102 Exploiter Cosmic Sting is a Go-b...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
A Cosmicsting POC...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
CosmicSting: critical unauthenticated XXE vulnerability in Ado...
Vulnerabilities fixed in Adobe Commerce
Adobe has fixed vulnerabilities in Commerce and Magento. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code, possibly with administrator privileges. Proof-of-Concept code PoC has been published for the vulnerability with reference...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
CVE-2024-34102 Usage bash python3 CVE-2024-34102.py...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
🚨 CVE-2024-34102 Exploit Script 🚨 Description This script...
Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce
CVE-2024-34102 POC for CVE-2024-34102. A pre-authentication XM...
CVE-2024-34102
creationtimestamp| type| source ---|---|--- 2024-06-13 10:26:36+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus16/2024 2024-06-21 14:20:32+00:00| published-proof-of-concept| https://t.me/HackingInsights/3235 2024-06-21 18:35:05+00:00| seen| https://t.me/truesecator/5886...
CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...
CVE-2024-34102 XXE can expose crypt key and other secrets granting full admin access
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that...