This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.29 and below by chaining two existing vulnerabilities: CVE-2022-24990 (leaking sensitive information) and CVE-2022-24989 (authenticated remote code execution). The vulnerable endpoint api.php?mobile/webNasIPS leaks sensitive information such as the admin password hash and the device MAC address; with that data an attacker obtains authenticated access without knowing any credentials, then uses a second vulnerable endpoint, api.php?mobile/createRaid, with the POST parameters raidtype and diskstring to execute code as root on TerraMaster NAS devices.
7e730a3eca39b8e6d103226c6deb4b1c15b54a16ab70d8fb24d2e419a087f25d
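The two endpoints named above are what a defender can look for in the NAS web server's access log. The following is an added detection example written for this listing, not code from the Metasploit module or from TerraMaster: it parses combined-format log lines, tags requests to the webNasIPS information leak and POSTs to createRaid, and raises a higher-severity finding when one source hits the leak and then the RCE sink within a short window, which is the order the exploit chain uses. The log lines are constructed samples, and the /module/ directory prefix in them is an assumption; the matching keys only on api.php and the query string taken from the description.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample access-log lines (Apache/nginx combined format); not from a real device.
# The /module/ prefix is assumed; classify() only checks for api.php plus the query string.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2023:12:00:01 +0000] "GET /module/api.php?mobile/webNasIPS HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2023:12:00:04 +0000] "POST /module/api.php?mobile/createRaid HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2023:12:00:05 +0000] "POST /module/api.php?mobile/createRaid HTTP/1.1" 401 0 "-" "curl/8.0"
203.0.113.7 - - [10/Jun/2023:12:01:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.33 - - [10/Jun/2023:12:30:00 +0000] "GET /module/api.php?mobile/webNasIPS HTTP/1.1" 200 512 "-" "python-requests/2.31"
"""

# Combined log format: ip ident user [ts] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Query strings of the two endpoints named in the advisory text.
INFO_LEAK = "mobile/webNasIPS"   # CVE-2022-24990: leaks admin hash and MAC
RCE_SINK = "mobile/createRaid"   # CVE-2022-24989: raidtype/diskstring -> root RCE


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    parts = urlsplit(rec["target"])
    rec["path"], rec["query"] = parts.path, parts.query
    return rec


def classify(rec):
    """Return 'leak', 'rce' or None depending on which TOS mobile endpoint was hit."""
    if not rec["path"].endswith("api.php"):
        return None
    if rec["query"].startswith(INFO_LEAK):
        return "leak"
    if rec["query"].startswith(RCE_SINK) and rec["method"] == "POST":
        return "rce"
    return None


def find_chains(lines, window=timedelta(minutes=10)):
    """Return (hits, chains).

    hits:   every (timestamp, ip, kind) touching either endpoint.
    chains: (ip, leak_ts, rce_ts) where one source probed webNasIPS and then
            POSTed to createRaid within `window`, i.e. the module's exploit order.
    """
    hits, chains, last_leak = [], [], {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        kind = classify(rec)
        if kind is None:
            continue
        hits.append((rec["ts"], rec["ip"], kind))
        if kind == "leak":
            last_leak[rec["ip"]] = rec["ts"]
        elif kind == "rce":
            t0 = last_leak.get(rec["ip"])
            if t0 is not None and rec["ts"] - t0 <= window:
                chains.append((rec["ip"], t0, rec["ts"]))
    return hits, chains


if __name__ == "__main__":
    hits, chains = find_chains(SAMPLE_LOG.splitlines())
    for ts, ip, kind in hits:
        print(f"{ts:%H:%M:%S} {ip:<14} {kind}")
    for ip, t0, t1 in chains:
        print(f"CHAIN: {ip} leak@{t0:%H:%M:%S} -> createRaid@{t1:%H:%M:%S}")
```

A lone request to webNasIPS is a scanner signal; a createRaid POST that follows it from the same address is the full chain and should page someone. The POST body (raidtype, diskstring) is not in an access log, so confirming the payload needs a request log from the web server or a proxy in front of the NAS.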
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork of Google's afl: it is faster and has more and better mutations, more and better instrumentation, custom module support, and more.
cdb42834359b17336047814d1c24845f606456dbe4e6aff5edac66c21aa577db
THC-Hydra is a high quality parallelized login cracker for Samba, SMBNT, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, SOCKS5, PCNFS, Cisco and more. It includes SSL support and parallel scans, and is part of Nessus.
9dd193b011fdb3c52a17b0da61a38a4148ffcad731557696819d4721d1bee76b
Debian Linux Security Advisory 5425-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
b78ada19cdad18133c1d75e67c6a3d412579cefae51613bdc1305bfaf34bc7be
Debian Linux Security Advisory 5424-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
1480d11098e522e1a4cec8195fa739e3296da2ba49c56c9ed78a071d88989612
Ubuntu Security Notice 6160-1 - It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
8b6a655fc6838240998d7cd469c2413c5315a09e14069da4d3c5a84cff73fcd3
Ubuntu Security Notice 6159-1 - It was discovered that Tornado incorrectly handled certain redirects. A remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.
7440ddb7e97150e1cf67daa00fd016cf9ebe9fd1c46535f1f9d68002fa456714
Ubuntu Security Notice 6158-1 - It was discovered that Node Fetch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.
968ff904ef9f14fe3e77d238e9a2ee6369b1894eeb3c04eaf46e01fdd905979a
Ubuntu Security Notice 6143-2 - USN-6143-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate the site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.
65e5345c6a2eff50bedd46c58f08263dddb24b4796a5b94947e949f12a360fb6
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
75ededaa7ebb9bc88370e1dcf331b0264869168ba7cd74f69b15381204808248
Ubuntu Security Notice 6157-1 - Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service.
b01cd6fd53124be83389f3f71bb29ce80f5daf831c84d7b8ac6ba8dc441c5fff
Ubuntu Security Notice 6148-1 - It was discovered that SNI Proxy did not properly handle wildcard backend hosts. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service, or arbitrary code execution.
73ed2f2b42d8fbf219d68ecb70c28ade57663eab3a64ccf40ecd1e390a89fea4
Ubuntu Security Notice 6156-1 - It was discovered that SSSD incorrectly sanitized certificate data before using it in LDAP filters. When combined with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.
63578ae04fc3e81b06fa98a19bd7e8d2c47bcb07bf5872c1a28538556c4317f6
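The SSSD notice above describes a filter-injection class of bug: a value that is interpolated into an LDAP search filter without RFC 4515 escaping can close the intended assertion and open a new one. The following added example, written for this listing and not SSSD's or FreeIPA's code, shows the general technique rather than the specific SSSD defect. It escapes string and raw certificate (DER byte) values for use in a filter, builds the same filter with and without escaping, and counts the top-level clauses of the resulting AND filter to make the structural change visible. The filter template and the injected value are constructed for illustration.

```python
# Illustrative LDAP filter built around a certificate value. Template is an assumption
# chosen for the example; it is not the filter SSSD or FreeIPA actually uses.
TEMPLATE = "(&(objectClass=person)(userCertificate;binary={cert}))"


def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 so it cannot alter filter structure.

    bytes (e.g. DER certificate data) are hex-escaped byte by byte; str values get
    the five metacharacters  \\ * ( ) NUL  replaced with \\XX sequences.
    """
    if isinstance(value, bytes):
        return "".join("\\%02x" % b for b in value)
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_filter_unsafe(cert):
    """Vulnerable form: value is dropped straight into the filter."""
    return TEMPLATE.format(cert=cert)


def build_filter_safe(cert):
    """Hardened form: value is escaped first, so it stays a single assertion."""
    return TEMPLATE.format(cert=escape_filter_value(cert))


def and_clauses(flt):
    """Split an (&...) filter into its top-level sub-filters by paren depth.

    Escaped sequences such as \\28 and \\29 contain no literal parens, so depth
    tracking on raw characters is enough for this purpose.
    """
    if not (flt.startswith("(&") and flt.endswith(")")):
        raise ValueError("expected an (&...) filter")
    body = flt[2:-1]
    clauses, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                clauses.append(body[start:i + 1])
    if depth != 0:
        raise ValueError("unbalanced filter")
    return clauses


if __name__ == "__main__":
    # Attacker-influenced value: closes the certificate assertion, adds its own,
    # and relies on the template's trailing parens to keep the filter balanced.
    hostile = "*)(uid=admin"
    for name, f in (("unsafe", build_filter_unsafe(hostile)),
                    ("safe", build_filter_safe(hostile))):
        print(f"{name}: {f}")
        print(f"  clauses: {and_clauses(f)}")
    # A DER prefix (SEQUENCE, long-form length) as it would be escaped for the filter.
    print("der:", build_filter_safe(b"\x30\x82\x01\x0a"))
```

The unsafe build turns a two-clause filter into three, with `(uid=admin)` ANDed in and `(userCertificate;binary=*)` matching any entry that has a certificate at all; the safe build keeps exactly two clauses with the hostile bytes inert inside the value. Most LDAP client libraries ship an equivalent of `escape_filter_value`; the bug class is forgetting to call it on data, such as certificate fields, that did not originate from the local system.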
Ubuntu Security Notice 6155-1 - Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information.
36886555e4ffe834520b499d96cab6905a0724841e5922e2e007f3843e76b975
Ubuntu Security Notice 6154-1 - It was discovered that Vim was using uninitialized memory when fuzzy matching, which could lead to invalid memory access. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. It was discovered that Vim was not properly performing bounds checks when processing register contents, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
8848b18b0396acfc52a2563f943aabe12e20a60d1698fb46840f08bf54c7de10
ProLogin version 1.9 suffers from an insecure direct object reference vulnerability.
36f2fa8535bbb46e039186a15887f500fdfa9007841ab476d7fdce82ee62e103
Piyanas version 0.1 suffers from a cross site request forgery vulnerability.
da33c7a3f20204afc57251323ce20a3ff63022f850048df90865809817a3df15
phpAnalyzer version 2.0.4 appears to leave default credentials installed after installation.
d51987e4819d06b3df58aca60e11f4c08b120851934626b98c70303d40027d34
EasyAnswer version 1.0.1 suffers from a cross site request forgery vulnerability.
8a8571d6c794a167c8e35842efa44a6c771bc100529859f16183e6a698ebae01
Online Thesis Archiving System version 1.0 suffers from a remote SQL injection vulnerability.
c2b85344213729b28081ddd9f9688c1eaf052a6a2e3a0c5c6c894b00dd672eda
Xoops CMS version 2.5.10 suffers from a persistent cross site scripting vulnerability.
f50eae013be87413e7586e015b02f9f385d2883ba7fa473b31bd6af8b4e86ee9
This proof of concept abuses an SQL injection vulnerability in MOVEit to obtain a sysadmin API access token and then uses that access to abuse a deserialization call to obtain remote code execution. The proof of concept needs to reach out to an Identity Provider endpoint which hosts the RS256 certificates used to forge arbitrary user tokens; by default it uses horizon3ai's IDP endpoint hosted in AWS. By default, the exploit writes a file to C:\Windows\Temp\message.txt. Alternative payloads can be generated with the ysoserial.net project.
891c1c3067e64d2916aec314b0195ba65fbc31db8570faee1f1fc3f6b4a366d9