
11231 matches found

GithubExploit
added 2024/08/17 2:58 p.m. | 423 views

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

Real POC published https://github.com/ynwarcs/CVE-2024-38063 and...

9.8 CVSS | 9.6 AI score | 0.70564 EPSS
Exploits 24
GithubExploit
added 2024/08/17 2:58 p.m. | 207 views

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

Real POC published https://github.com/ynwarcs/CVE-2024-38063 and...

9.8 CVSS | 9.6 AI score | 0.70564 EPSS
Exploits 24
Rapid7 Blog
added 2024/08/16 6:33 p.m. | 40 views

Metasploit Weekly Wrap-Up 08/16/2024

New module content 3 Apache HugeGraph Gremlin RCE Authors: 6right and jheysel-r7 Type: Exploit Pull request: 19348 contributed by jheysel-r7 Path: linux/http/apachehugegraphgremlinrce AttackerKB reference: CVE-2024-27348 Description: Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335...

9.8 CVSS | 9 AI score | 0.9921 EPSS
Exploits 20
GithubExploit
added 2024/08/16 5:39 a.m. | 313 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

CVE-2024-27198 In JetBrains TeamCity before 2023.11.4 authenti...

9.8 CVSS | 7.3 AI score | 0.99991 EPSS
Exploits 24
Packet Storm
added 2024/08/15 12:00 a.m. | 309 views

Apache HugeGraph Gremlin Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache HugeGraph Gremlin RCE', 'Description' = %q This module exploits CVE-2024-27348 which is a Remote Code Execution RCE vulnerability that...

9.8 CVSS | 7.1 AI score | 0.9921 EPSS
Exploits 11
CVE
added 2024/08/15 12:00 a.m. | 48 views

CVE-2024-22218

CVE-2024-22218/22219 describe an XXE vulnerability in Terminalfour versions 8.0.0001–8.3.18 and XML JDBC up to 1.0.4. An authenticated user can submit malicious XML via unspecified features, potentially leading to accessing the underlying server, remote code execution (RCE), or Server-Side Reques...

8.8 CVSS | 7.8 AI score | 0.00723 EPSS
Exploits 0 | References 2
Cvelist
added 2024/08/15 12:00 a.m. | 16 views

CVE-2024-22219

XML External Entity XXE vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution RCE, or...

0.00723 EPSS
Exploits 0 | References 2
0day.today
added 2024/08/15 12:00 a.m. | 264 views

Apache HugeGraph Gremlin Remote Code Execution Exploit

This Metasploit module exploits CVE-2024-27348, a remote code execution vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve remote code execution through Gremlin, resulting in complete control over the server...

9.8 CVSS | 7.8 AI score | 0.9921 EPSS
Exploits 11
Tenable Nessus
added 2024/08/15 12:00 a.m. | 25 views

SolarWinds Web Help Desk < 12.8.3 HF 1 Deserialization RCE

The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.3 HF1. It is, therefore, affected by a remote code execution vulnerability, that, if exploited, would allow an attacker to run commands on the host machine. Note that Nessus has not tested for these issues but h...

9.8 CVSS | 7 AI score | 0.84446 EPSS
Exploits 0 | References 3
Metasploit
added 2024/08/14 6:52 p.m. | 239 views

Apache HugeGraph Gremlin RCE

This module exploits CVE-2024-27348 which is a Remote Code Execution RCE vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve RCE through Gremlin, resulting in complete control over the server Module Options msf...

9.8 CVSS | 8.2 AI score | 0.9921 EPSS
Exploits 11
RedHat Linux
added 2024/08/14 5:42 p.m. | 18 views

Critical: Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8 CVSS | 6.8 AI score | 0.27725 EPSS
Exploits 4 | References 38
RedHat Linux
added 2024/08/14 4:14 p.m. | 14 views

Critical: Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8 CVSS | 6.8 AI score | 0.27725 EPSS
Exploits 4 | References 37
RedHat Linux
added 2024/08/14 3:47 p.m. | 15 views

Critical: Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update

An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8 CVSS | 6.8 AI score | 0.27725 EPSS
Exploits 4 | References 2
Vulnrichment
added 2024/08/14 11:57 a.m. | 21 views

CVE-2024-39401 Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

8.4 CVSS | 8.7 AI score | 0.01529 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/08/14 11:57 a.m. | 15 views

CVE-2024-39402 Adobe Commerce | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue require...

8.4 CVSS | 8.7 AI score | 0.01529 EPSS
Exploits 0 | References 1
Cvelist
added 2024/08/14 2:38 a.m. | 24 views

CVE-2024-37373

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE...

7.2 CVSS | 0.01564 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/08/14 2:38 a.m. | 15 views

CVE-2024-37373

Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE...

7.2 CVSS | 6.7 AI score | 0.01564 EPSS
Exploits 0 | References 1
OpenVAS
added 2024/08/14 12:00 a.m. | 39 views

Microsoft Outlook 2016 RCE Vulnerability (KB5002626)

This host is missing an important security update according to Microsoft KB5002626 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

6.7 CVSS | 8.7 AI score | 0.00664 EPSS
Exploits 0 | References 1
OpenVAS
added 2024/08/14 12:00 a.m. | 30 views

Microsoft PowerPoint 2016 RCE Vulnerability (KB5002586)

This host is missing an important security update according to Microsoft KB5002586 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

7.8 CVSS | 7.9 AI score | 0.00929 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2024/08/14 12:00 a.m. | 20 views

RHEL 8 : Red Hat Product OCP Tools 4.12 OpenShift Jenkins (RHSA-2024:5410)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:5410 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Securi...

8.8 CVSS | 7.1 AI score | 0.27725 EPSS
Exploits 4 | References 5