EUVD-2022-39241

Malicious code in bioql PyPI...

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution RCE vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...

CVE-2022-36533

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting XSS vulnerability...

Syncovery For Linux Web-GUI Session Token Brute-Forcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'date' require 'json' require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/syncoveryfilesyncbackup'...

Metasploit Weekly Wrap-Up

A sack full of cheer from the Hacking Elves of Metasploit It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are headed out this week! Partridge nor pear tree included. In this sack of goodie...

Syncovery For Linux Web-GUI Authenticated Remote Command Execution Exploit

This Metasploit module exploits an authenticated command injection vulnerability in the Web GUI of Syncovery File Sync and Backup Software for Linux. Successful exploitation results in remote code execution under the context of the root user. Syncovery allows an authenticated user to create jobs,...

Syncovery For Linux Web-GUI Authenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'json' class MetasploitModule 'Syncovery For Linux Web-GUI Authenticated Remote Command Execution', 'Description' = %q This module exploits an authenticated...

Syncovery For Linux Web-GUI Authenticated Remote Command Execution

This module exploits an authenticated command injection vulnerability in the Web GUI of Syncovery File Sync & Backup Software for Linux. Successful exploitation results in remote code execution under the context of the root user. Syncovery allows an authenticated user to create jobs, which are...

Syncovery For Linux Web-GUI Session Token Brute-Forcer

This module attempts to brute-force a valid session token for the Syncovery File Sync & Backup Software Web-GUI by generating all possible tokens, for every second between 'DateTime.now' and the given X days. By default today and yesterday DAYS = 1 will be checked. If a valid session token is...

Metasploit Wrap-Up

Login brute-force utility Jan Rude added a new module that gives users the ability to brute-force login for Linux Syncovery. This expands Framework's capability to scan logins to Syncovery, a popular web GUI for backups. WordPress extension SQL injection module Cydave, destr4ct, and jheysel-r7...

Syncovery For Linux Web-GUI Login Utility

This module will attempt to authenticate to Syncovery File Sync & Backup Software For Linux Web-GUI. Module Options msf use auxiliary/scanner/http/syncoverylinuxlogin msf auxiliarysyncoverylinuxlogin show actions ...actions... msf auxiliarysyncoverylinuxlogin set ACTION msf...

Super Flexible Software Syncovery Cross-site Scripting (CVE-2022-36533)

A cross-site scripting vulnerability exists in Super Flexible Software Syncovery. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

The vulnerability of the Job_ExecuteBefore and Job_ExecuteAfter parameters in the post_profilesettings.php file of the Syncovery backup tool allows a hacker to increase their privileges.

The vulnerability of the JobExecuteBefore and JobExecuteAfter parameters in the postprofilesettings.php file of the Syncovery backup tool is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow a remote attacker to increase their...

The vulnerability of the Login component in the file post_applogin.php is related to the ability to decode the session token of the Syncovery backup tool, which allows a hacker to increase their privileges.

The vulnerability of the Login component in the postapplogin.php file is related to the possibility of decoding the session token of the Syncovery backup tool. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

CVE-2022-36533

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting XSS vulnerability...

CVE-2022-36536

An issue in the component postapplogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens...

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution RCE vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...

CVE-2022-36533

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting XSS vulnerability...

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution RCE vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution RCE vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...