This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.29 and below by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint api.php?mobile/webNasIPS leaking sensitive information such as admin password hash and mac address, the attacker can achieve unauthenticated access and use another vulnerable endpoint api.php?mobile/createRaid with POST parameters raidtype and diskstring to execute remote code as root on TerraMaster NAS devices.
7e730a3eca39b8e6d103226c6deb4b1c15b54a16ab70d8fb24d2e419a087f25dGoogle's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
cdb42834359b17336047814d1c24845f606456dbe4e6aff5edac66c21aa577dbTHC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
9dd193b011fdb3c52a17b0da61a38a4148ffcad731557696819d4721d1bee76bDebian Linux Security Advisory 5425-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
b78ada19cdad18133c1d75e67c6a3d412579cefae51613bdc1305bfaf34bc7beDebian Linux Security Advisory 5424-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
1480d11098e522e1a4cec8195fa739e3296da2ba49c56c9ed78a071d88989612Ubuntu Security Notice 6160-1 - It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
8b6a655fc6838240998d7cd469c2413c5315a09e14069da4d3c5a84cff73fcd3Ubuntu Security Notice 6159-1 - It was discovered that Tornado incorrectly handled certain redirect. An remote attacker could possibly use this issue to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
7440ddb7e97150e1cf67daa00fd016cf9ebe9fd1c46535f1f9d68002fa456714Ubuntu Security Notice 6158-1 - It was discovered that Node Fetch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.
968ff904ef9f14fe3e77d238e9a2ee6369b1894eeb3c04eaf46e01fdd905979aUbuntu Security Notice 6143-2 - USN-6143-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.
65e5345c6a2eff50bedd46c58f08263dddb24b4796a5b94947e949f12a360fb6Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
75ededaa7ebb9bc88370e1dcf331b0264869168ba7cd74f69b15381204808248Ubuntu Security Notice 6157-1 - Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service.
b01cd6fd53124be83389f3f71bb29ce80f5daf831c84d7b8ac6ba8dc441c5fffUbuntu Security Notice 6148-1 - It was discovered that SNI Proxy did not properly handle wildcard backend hosts. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service, or arbitrary code execution.
73ed2f2b42d8fbf219d68ecb70c28ade57663eab3a64ccf40ecd1e390a89fea4Ubuntu Security Notice 6156-1 - It was discovered that SSSD incorrectly sanitized certificate data used in LDAP filters. When using this issue in combination with FreeIPA, a remote attacker could possibly use this issue to escalate privileges.
63578ae04fc3e81b06fa98a19bd7e8d2c47bcb07bf5872c1a28538556c4317f6Ubuntu Security Notice 6155-1 - Dennis Brinkrolf and Tobias Funke discovered that Requests incorrectly leaked Proxy-Authorization headers. A remote attacker could possibly use this issue to obtain sensitive information.
36886555e4ffe834520b499d96cab6905a0724841e5922e2e007f3843e76b975Ubuntu Security Notice 6154-1 - It was discovered that Vim was using uninitialized memory when fuzzy matching, which could lead to invalid memory access. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10 and Ubuntu 23.04. It was discovered that Vim was not properly performing bounds checks when processing register contents, which could lead to a NULL pointer dereference. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
8848b18b0396acfc52a2563f943aabe12e20a60d1698fb46840f08bf54c7de10ProLogin version 1.9 suffers from an insecure direct object reference vulnerability.
36f2fa8535bbb46e039186a15887f500fdfa9007841ab476d7fdce82ee62e103Piyanas version 0.1 suffers from a cross site request forgery vulnerability.
da33c7a3f20204afc57251323ce20a3ff63022f850048df90865809817a3df15phpAnalyzer version 2.0.4 appears to leave default credentials installed after installation.
d51987e4819d06b3df58aca60e11f4c08b120851934626b98c70303d40027d34EasyAnswer version 1.0.1 suffers from a cross site request forgery vulnerability.
8a8571d6c794a167c8e35842efa44a6c771bc100529859f16183e6a698ebae01Online Thesis Archiving System version 1.0 suffers from a remote SQL injection vulnerability.
c2b85344213729b28081ddd9f9688c1eaf052a6a2e3a0c5c6c894b00dd672edaXoops CMS version 2.5.10 suffers from a persistent cross site scripting vulnerability.
f50eae013be87413e7586e015b02f9f385d2883ba7fa473b31bd6af8b4e86ee9This proof of concept abuses an SQL injection vulnerability in MOVEit to obtain a sysadmin API access token and then use that access to abuse a deserialization call to obtain remote code execution. This proof of concept needs to reach out to an Identity Provider endpoint which hosts proper RS256 certificates used to forge arbitrary user tokens - by default this POC uses horizon3ai's IDP endpoint hosted in AWS. By default, the exploit will write a file to C:\Windows\Temp\message.txt. Alternative payloads can be generated by using the ysoserial.net project.
891c1c3067e64d2916aec314b0195ba65fbc31db8570faee1f1fc3f6b4a366d9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed