CVE-2023-2784
Mattermost suffers from an authorization issue in the Apps install flow: the server does not verify whether the requestor is a sysadmin before accepting install requests to Apps, enabling regular users to initiate installation via the Apps API endpoint. This is documented across multiple sources ...
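The pattern behind this entry, authentication without authorization, as an added Go example that is not Mattermost's own code: a request handler that only checks for a valid session sits next to one that also requires the system_admin role before the privileged install runs. The Session type, the role strings, the app ID and the two handler shapes are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Session is a hypothetical view of the authenticated caller. The field and
// role names are assumptions for this example, not Mattermost's own types.
type Session struct {
	UserID string
	Roles  string // space-separated role names, e.g. "system_user system_admin"
}

// isSystemAdmin reports whether the session carries exactly the system_admin role.
func isSystemAdmin(s *Session) bool {
	for _, r := range strings.Fields(s.Roles) {
		if r == "system_admin" {
			return true
		}
	}
	return false
}

// installHandler is the shape of both handlers below: given the caller's
// session and the requested app, perform the install and return an HTTP status.
type installHandler func(s *Session, appID string) int

// vulnerableInstall authenticates the caller but never authorises it, so any
// logged-in user can trigger the install (the pattern described in the entry).
func vulnerableInstall(installed map[string]bool) installHandler {
	return func(s *Session, appID string) int {
		if s == nil {
			return http.StatusUnauthorized
		}
		installed[appID] = true // privileged side effect, reachable by any user
		return http.StatusOK
	}
}

// fixedInstall adds the missing role check before the privileged operation.
func fixedInstall(installed map[string]bool) installHandler {
	return func(s *Session, appID string) int {
		if s == nil {
			return http.StatusUnauthorized
		}
		if !isSystemAdmin(s) {
			return http.StatusForbidden
		}
		installed[appID] = true
		return http.StatusOK
	}
}

// Outcome records what one caller achieves against each handler.
type Outcome struct {
	VulnStatus, FixedStatus       int
	VulnInstalled, FixedInstalled bool
}

// attempt runs the same install request through both handlers and reports
// the status each returned and whether the app ended up installed.
func attempt(s *Session, appID string) Outcome {
	vuln, fixed := map[string]bool{}, map[string]bool{}
	vs := vulnerableInstall(vuln)(s, appID)
	fs := fixedInstall(fixed)(s, appID)
	return Outcome{
		VulnStatus:     vs,
		FixedStatus:    fs,
		VulnInstalled:  vuln[appID],
		FixedInstalled: fixed[appID],
	}
}

func main() {
	// Constructed sessions: a regular user and a system admin.
	user := &Session{UserID: "u-regular", Roles: "system_user"}
	admin := &Session{UserID: "u-admin", Roles: "system_user system_admin"}
	for _, s := range []*Session{user, admin} {
		o := attempt(s, "com.example.hello-world") // hypothetical app ID
		fmt.Printf("%-10s vulnerable=%d(installed=%v) fixed=%d(installed=%v)\n",
			s.UserID, o.VulnStatus, o.VulnInstalled, o.FixedStatus, o.FixedInstalled)
	}
}
```

The check belongs in the handler, before any side effect, rather than in the client or in a later audit step: with the vulnerable shape the regular user gets 200 and the app is installed; with the fixed shape the same request gets 403 and nothing changes, while the admin still gets 200 from both.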
CVE-2022-2711 WP All Import < 3.6.9 - Admin+ Directory traversal via file upload
The Import any XML or CSV File to WordPress plugin before 3.6.9 does not validate the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vect...
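The archive-path check this entry says the plugin lacked, as an added Go example that is not the plugin's own (PHP) code: it builds a constructed zip in memory with one legitimate entry and three names that try to escape the extraction directory, resolves each name against a hypothetical destination directory, and rejects any that lands outside it, without writing anything to disk. The destination path and all entry names are invented for the example.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path/filepath"
	"strings"
)

// zipEntry is a constructed sample entry for the in-memory archive below.
type zipEntry struct{ name, body string }

// sampleEntries is constructed test data (not a real upload): one legitimate
// import file and three names that try to escape the extraction directory.
var sampleEntries = []zipEntry{
	{"import/data.xml", "<items/>"},
	{"../../wp-config.php", "<?php // would overwrite the site config"},
	{"import/../../../tmp/evil.php", "<?php // dropped outside the import dir"},
	{"/etc/cron.d/evil", "* * * * * root id"},
}

// buildZip writes the entries into an in-memory archive. archive/zip's writer
// does not validate entry names, which is what lets an upload carry such paths.
func buildZip(entries []zipEntry) ([]byte, error) {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, e := range entries {
		f, err := w.Create(e.name)
		if err != nil {
			return nil, err
		}
		if _, err := f.Write([]byte(e.body)); err != nil {
			return nil, err
		}
	}
	if err := w.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// safeDestination resolves an archive entry name against destDir and rejects
// anything that would land outside it. Rejecting (rather than stripping "..")
// means a hostile archive is refused instead of silently written elsewhere.
func safeDestination(destDir, name string) (string, error) {
	if name == "" || strings.HasPrefix(name, "/") || strings.HasPrefix(name, `\`) || filepath.IsAbs(name) {
		return "", fmt.Errorf("absolute or empty entry name %q", name)
	}
	base := filepath.Clean(destDir)
	target := filepath.Join(base, filepath.FromSlash(name)) // Join cleans ".." segments
	if target != base && !strings.HasPrefix(target, base+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q resolves to %s, outside %s", name, target, base)
	}
	return target, nil
}

// vetArchive classifies every entry as an accepted destination path or a
// rejection reason, before any extraction takes place.
func vetArchive(data []byte, destDir string) (map[string]string, map[string]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	// Go 1.20+ may hand back a usable reader together with an "insecure path"
	// error; every name is checked below regardless, so only a nil reader is fatal.
	if r == nil {
		return nil, nil, err
	}
	accepted, rejected := map[string]string{}, map[string]string{}
	for _, f := range r.File {
		dst, err := safeDestination(destDir, f.Name)
		if err != nil {
			rejected[f.Name] = err.Error()
			continue
		}
		accepted[f.Name] = dst
	}
	return accepted, rejected, nil
}

func main() {
	data, err := buildZip(sampleEntries)
	if err != nil {
		panic(err)
	}
	ok, bad, err := vetArchive(data, "/srv/uploads/import-42") // hypothetical destination
	if err != nil {
		panic(err)
	}
	for n, d := range ok {
		fmt.Printf("accept %-32s -> %s\n", n, d)
	}
	for n, why := range bad {
		fmt.Printf("reject %-32s : %s\n", n, why)
	}
}
```

The prefix test includes the trailing separator so that a destination of `/srv/uploads/import-42` does not accept `/srv/uploads/import-42-other/...`; the comparison is on the cleaned, joined path, which is the form the eventual write would use.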
Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility
Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for their use of...
CVE-2022-1003 Sysadmin can override existing configs & bypass restrictions like EnableUploads
One of the APIs in Mattermost version 6.3.0 and earlier fails to properly protect permissions, which allows system administrators to combine two distinct privileges/capabilities in a way that lets them override certain restricted configurations like EnableUploads...
CVE-2022-22831
CVE-2022-22831 affects Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user by manipulating the Authorization HTTP header, due to insufficient validation of that header. The result is an unauthorized, unauthenticated privilege escalation to a highly privileged admin account, with high i...
Servisnet Tessa - Add sysAdmin User (Unauthenticated) Exploit
Metasploit module (requires Metasploit: https://metasploit.com/download; current source: https://github.com/rapid7/metasploit-framework). Module name: 'Servisnet Tessa - Add sysAdmin User Unauthenticated Metasploit'. Description: This module exploits an authentication bypass in Servisnet...
Servisnet Tessa authorization issue vulnerability
Servisnet Tessa is a web application from Servisnet Turkey. Servisnet Tessa version 0.0.2 suffers from an authorization issue vulnerability that stems from insufficient validation of the Authorization HTTP header. An attacker can use this vulnerability to add a new sysadmin user by manipulatin...
CVE-2021-43397
LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin or User Admin to Sysadmin...
The SysAdmin Class for the World’s Greatest Role-Playing Game
If you’re not sure what a System Administrator (SysAdmin) does, this is the person in your company, or possibly an external contractor, who fearlessly oversees the maintenance, care, configuration, and stable operation of your computers and servers. It’s your SysAdmin who is responsible for the...
A week in security (April 19 – 25)
Last week on Malwarebytes Labs, we interviewed Youssef Sammouda, a 21-year-old bug bounty hunter who is focused on finding vulnerabilities on Facebook. We looked into the CodeCov supply-chain attack, the vulnerabilities in Pulse Secure VPN that are being actively exploited by attackers, and the...
SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence
A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr, a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromis...
The Top Free Tools for Sysadmins in 2021
It's no secret that sysadmins have plenty on their plates. Managing, troubleshooting, and updating software or hardware is a tedious task. Additionally, admins must grapple with complex webs of permissions and security. This can quickly become overwhelming without the right tools. If you're a...