Lucene search
+L

113 matches found

Rapid7 Blog
Rapid7 Blog
added 2024/07/26 6:7 p.m.43 views

Metasploit Weekly Wrap-Up 07/26/2024

New module content 3 Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: 19304 contributed by heyder Path: gather/magentoxxecve202434102 AttackerKB reference: CVE-2024-34102 Description: This adds an auxiliary module for an XXE which resul...

9.8CVSS8.3AI score0.99994EPSS
Exploits35
Packet Storm
Packet Storm
added 2024/07/22 12:0 a.m.255 views

Softing Secure Integration Server 1.22 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zip' require 'metasploit/framework/loginscanner/softingsis' class MetasploitModule 'Softing Secure Integration Server v1.22 Remote Code Execution', 'Description...

7.2CVSS7.4AI score0.10229EPSS
Exploits3
0day.today
0day.today
added 2024/07/22 12:0 a.m.450 views

Softing Secure Integration Server 1.22 Remote Code Execution Exploit

This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using t...

7.2CVSS8.2AI score0.10229EPSS
Exploits3
OSV
OSV
added 2024/05/03 3:15 a.m.5 views

CVE-2023-39482

Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

6.5CVSS5.7AI score0.0111EPSS
Exploits0References1
NVD
NVD
added 2024/05/03 3:15 a.m.42 views

CVE-2023-39482

Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

6.5CVSS4.8AI score0.0111EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:15 a.m.4 views

CVE-2023-39479

Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS5.4AI score0.01252EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/05/03 3:15 a.m.22 views

CVE-2023-39480

Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

6.5CVSS5AI score0.00959EPSS
Exploits0References1
OSV
OSV
added 2024/05/03 3:15 a.m.6 views

CVE-2023-39480

Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

6.5CVSS5.6AI score0.00959EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:15 a.m.11 views

CVE-2023-39482

Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

6.5CVSS5.7AI score0.0111EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/05/03 3:15 a.m.26 views

CVE-2023-39479

Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.7AI score0.01252EPSS
Exploits0References1
OSV
OSV
added 2024/05/03 3:15 a.m.5 views

CVE-2023-39478

Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

8.8CVSS5.8AI score0.01252EPSS
Exploits0References1
NVD
NVD
added 2024/05/03 3:15 a.m.34 views

CVE-2023-39478

Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

8.8CVSS6.9AI score0.01252EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 2:10 a.m.15 views

CVE-2023-39482 Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability

Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

4.9CVSS6AI score0.0111EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/03 2:10 a.m.44 views

CVE-2023-39482 Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability

Softing Secure Integration Server Hardcoded Cryptographic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

4.9CVSS5.1AI score0.0111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 2:10 a.m.19 views

CVE-2023-39481 Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability

Softing Secure Integration Server Interpretation Conflict Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, th...

6.6CVSS7.9AI score0.01252EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 2:10 a.m.57 views

CVE-2023-39480

CVE-2023-39480 affects Softing Secure Integration Server, specifically the FileDirectory OPC UA Objects handling. The flaw allows remote attackers to create arbitrary files on affected installations by exploiting unauthorized access to the filesystem, with authentication required but bypassable. ...

6.5CVSS5.1AI score0.00959EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/03 2:10 a.m.28 views

CVE-2023-39480 Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability

Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

4.4CVSS5.3AI score0.00959EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 2:10 a.m.15 views

CVE-2023-39480 Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability

Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

4.4CVSS7.3AI score0.00959EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 2:10 a.m.11 views

CVE-2023-39479 Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability

Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing...

6.6CVSS7.3AI score0.01252EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/03 2:10 a.m.33 views

CVE-2023-39479 Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability

Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing...

6.6CVSS6.9AI score0.01252EPSS
Exploits0References1
Rows per page
Query Builder