This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled and executed by Sharepoint allowing attackers to remotely execute commands via the API.
3b1724367c87a328eb0a2106c305037f2a413ec6310fe39613f91e443e4e1a9c
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.
5a32fb78bdb52593a7f339d7321ec50570d8dc8998da3f4da0c0eaf663f73ac5
A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.
769d2d7e8f18e8bd0ce142472f159825e87239bfc4426229f241a00de99425a0
Ubuntu Security Notice 6718-1 - Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.
626a0b8a1438ccde6a1826653d3285d7f2a9a3cd644e2dfcfff06f2bc14e0f9d
Ubuntu Security Notice 6717-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Hubert Kario discovered that Thunderbird had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information.
c7e276778f2c974b0aa76f968f7adfbc3e4984a93e8eaf31675ad13306e8e12a
Craft CMS version 4.4.14 suffers from an unauthenticated remote code execution vulnerability.
6dada91b5125e5cbc3f8d9cb9d59a5f937052241fe1e5481dab19199fced220c
Orange Station version 1.0 suffers from a remote shell upload vulnerability.
5a9f8a0ab40cab9d931909357ed512b4a4e0910b05218556dc4ed1977fa5b4d8
Ubuntu Security Notice 6704-3 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
01efe4c147c2288e39cc2669dc4bb7d1e7e1641d78d25efb20089e9afb739cf7
Nagios XI versions 2024R1.01 suffers from a remote SQL injection vulnerability.
68cad0f6ebae36d741e3c09fbbc2013acb66e4c861404dd3fb579aa2eaef4245
MobileShop Master version 1.0 suffers from a remote SQL injection vulnerability.
5382f069d5f87ca82e7aaa55d06e27880b17bfe303bf5c846c032003643ba5ec
LBT-T300-mini1 suffers from a remote buffer overflow vulnerability.
0d5605d4bf931abe29807024d5f54120a110b26a29b7d0372e0c12e6e2b5b118
Ubuntu Security Notice 6712-1 - It was discovered that Net::CIDR::Lite incorrectly handled extra zero characters at the beginning of IP address strings. A remote attacker could possibly use this issue to bypass access controls.
a9f0f6ed74484540e723d579471876cf9ff4f03a08ad177e2826858111934cf8
Win32.STOP.Ransomware (smokeloader) malware suffers from both local and remote code execution vulnerabilities. The remote code execution can be achieved by leveraging a man-in-the-middle attack.
9740a4e0b25da98023aa4b00d3dc186e1ae19f18ff322ffbd1efa8acd634f49a
Task Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
19d5f8c5ea06895a1df525a3f2aa900e859bf45ece3512286a979c45e7883470
Ubuntu Security Notice 6709-1 - It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service.
a3c85443f6ce0636dc4acc75b294ee38bc75374485acad341a73a787d547a0cb
Ubuntu Security Notice 6704-2 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
f06bcd3c690a7a1a9aa03506a63b723e669f5ad31c8c9917af3280e58f9883e5
Ubuntu Security Notice 6704-1 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
6ed1a66dd66da03109747a9db9ed61695441d8d245bcbdd9a6cefe18cb9a4b2c
Lektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution.
12e46eeac4843dfaaf4f61083381648a44692cd6a4aade7ab73a5901f82f2336
Ubuntu Security Notice 6703-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Hubert Kario discovered that Firefox had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information.
8925f4bfe2e00238817e4e82aaa72fa22ab5cbc166f07e21afc8f8a239ee2279
Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.
29cd0f77cb023005e072aa804706b800801834d76af7a7c5e48d06e82ffa8bc4
Blood Bank version 1.0 suffers from suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Nitin Sharma in October of 2021.
d95668292b4799b2459459dabbaf67baf0ecfb0c50e8731e1aa0858d71bc0d09
Simple Task List version 1.0 suffers from a remote SQL injection vulnerability.
3d7d08d11026b2dd3229567d42244f4b661bad830d96053161fec984a11d837d
Teacher Subject Allocation Management System version 1.0 suffers from a remote SQL injection vulnerability.
70201b7921db68f4cd1eabfe9d49fef650e64263d687be24d951e0f1d2287e83
Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles.
a6b19ec46406ffd95a91f57125dc469d0979113c3d6a82b162a1b682d2ed2eca
Tramyardg Autoexpress version 1.3.0 suffers from a remote SQL injection vulnerability.
b6a01bb6956141a3ae4c607cc789894c67a647629befb99a934046f4a4a462f1