EUVD-2022-39241

Malicious code in bioql PyPI...

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution RCE vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...

CVE-2022-36533

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting XSS vulnerability...

Syncovery For Linux Web-GUI Session Token Brute-Forcer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'date' require 'json' require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/syncoveryfilesyncbackup'...

Metasploit Weekly Wrap-Up

A sack full of cheer from the Hacking Elves of Metasploit It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are headed out this week! Partridge nor pear tree included. In this sack of goodie...

Syncovery For Linux Web-GUI Authenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'json' class MetasploitModule 'Syncovery For Linux Web-GUI Authenticated Remote Command Execution', 'Description' = %q This module exploits an authenticated...

Syncovery For Linux Web-GUI Authenticated Remote Command Execution Exploit

This Metasploit module exploits an authenticated command injection vulnerability in the Web GUI of Syncovery File Sync and Backup Software for Linux. Successful exploitation results in remote code execution under the context of the root user. Syncovery allows an authenticated user to create jobs,...

Syncovery For Linux Web-GUI Authenticated Remote Command Execution

This module exploits an authenticated command injection vulnerability in the Web GUI of Syncovery File Sync & Backup Software for Linux. Successful exploitation results in remote code execution under the context of the root user. Syncovery allows an authenticated user to create jobs, which are...

Syncovery For Linux Web-GUI Session Token Brute-Forcer

This module attempts to brute-force a valid session token for the Syncovery File Sync & Backup Software Web-GUI by generating all possible tokens, for every second between 'DateTime.now' and the given X days. By default today and yesterday DAYS = 1 will be checked. If a valid session token is...

Metasploit Wrap-Up

Login brute-force utility Jan Rude added a new module that gives users the ability to brute-force login for Linux Syncovery. This expands Framework's capability to scan logins to Syncovery, a popular web GUI for backups. WordPress extension SQL injection module Cydave, destr4ct, and jheysel-r7...

Syncovery For Linux Web-GUI Login Utility

This module will attempt to authenticate to Syncovery File Sync & Backup Software For Linux Web-GUI. Module Options msf use auxiliary/scanner/http/syncoverylinuxlogin msf auxiliarysyncoverylinuxlogin show actions ...actions... msf auxiliarysyncoverylinuxlogin set ACTION msf...

Super Flexible Software Syncovery Cross-site Scripting (CVE-2022-36533)

A cross-site scripting vulnerability exists in Super Flexible Software Syncovery. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution RCE vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution RCE vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...

CVE-2022-36534

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain multiple remote code execution RCE vulnerabilities via the JobExecuteBefore and JobExecuteAfter parameters at postprofilesettings.php...

CVE-2022-36533

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting XSS vulnerability...

CVE-2022-36536

An issue in the component postapplogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens...

CVE-2022-36536

An issue in the component postapplogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens...

CVE-2022-36536

An issue in the component postapplogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens...

CVE-2022-36533

Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting XSS vulnerability...