Softing Secure Integration Server 1.22 Remote Code Execution Exploit

This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using t...

CVE-2024-39906

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

CVE-2024-39906 Remote code execution in Haven IndieAuthClient (GHSL-2024-093)

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

CVE-2024-39906 Remote code execution in Haven IndieAuthClient (GHSL-2024-093)

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

CVE-2024-39906 Remote code execution in Haven IndieAuthClient (GHSL-2024-093)

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

Metasploit Weekly Wrap-Up 7/19/2024

GeoServer Unauthenticated RCE This week, contributor h00die-gr3y added an interesting exploit module that targets the GeoServer open-source application. This software is used to view, edit, and share geospatial data. Versions prior to 2.23.6, versions between 2.24.0 and 2.24.3 and versions betwee...

CVE-2024-39962

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21D240126 was discovered to contain a remote code execution RCE vulnerability in the ntpzoneval parameter at /goform/setntp. This vulnerability is exploited via a crafted HTTP request...

CVE-2024-39963

AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution RCE vulnerability via the macFilterType parameter at /goform/setMacFilterCfg...

CVE-2024-39962

D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21D240126 was discovered to contain a remote code execution RCE vulnerability in the ntpzoneval parameter at /goform/setntp. This vulnerability is exploited via a crafted HTTP request...

CVE-2024-39963

The CVE-2024-39963 issue affects the AX3000 Dual-Band Gigabit Wi‑Fi 6 Router models AX9 (V22.03.01.46) and AX12 (V1.0 V22.03.01.46). Affected component is the /goform/setMacFilterCfg API, where an authenticated user can trigger remote command execution via the macFilterType parameter. Impact is d...

CVE-2024-39962

CVE-2024-39962 affects the D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router (v21_D240126). The vulnerability is a remote code execution (RCE) in the ntp_zone_val parameter exposed via the /goform/set_ntp endpoint, exploitable through a crafted HTTP request. Multiple connected sources corr...

CVE-2024-41111

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...

CVE-2024-41111 BishopFox Sliver Authenticated Remote Code Execution

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...

CVE-2024-41111

CVE-2024-41111 affects Sliver 1.6.0 prerelease. The issue is remote code execution on the Sliver teamserver via a low‑privileged operator, executing as root. Exploitation relies on a command-injection in the generate msf-stager flow to inject flags into msfvenom and overwrite Sliver’s own Go bina...

CVE-2024-41111 BishopFox Sliver Authenticated Remote Code Execution

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...

Sliver Allows Authenticated Operator-to-Server Remote Code Execution

Description Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. Impact As described in a past issue, "there is a clear security boundary between the operator and server, an operator should not inherently b...

GHSA-HC5W-GXXR-W8X8 Sliver Allows Authenticated Operator-to-Server Remote Code Execution

Description Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user. Impact As described in a past issue, "there is a clear security boundary between the operator and server, an operator should not inherently b...

CVE-2024-40629 Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver

JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to...

CVE-2024-40629

CVE-2024-40629 affects JumpServer PAM. An attacker can misuse an Ansible playbook to write arbitrary files, triggering remote code execution in the Celery container. The Celery container runs as root and has database access, enabling access to secrets and the possibility to create an admin JumpSe...

CVE-2024-40629 Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver

JumpServer is an open-source Privileged Access Management PAM tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the Ansible playbook to write arbitrary files, leading to...