This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. To do so, the module must upload a mixed mode .NET assembly DLL, which is then loaded through the deserialization flaw. Uploading the file requires knowledge of the cryptographic keys used by RAU. The default values used by this module are related to CVE-2017-11317; once that vulnerability is patched, these keys are randomized. It is also necessary to know the version of Telerik UI ASP.NET that is running. This version number is in the format YYYY.#(.###)? where YYYY is the year of the release (e.g. 2020.3.915).
1681e42767479128abf9e29c90cc76ef
The Telerik UI for ASP.NET AJAX insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's underlying host.
725661dfbd6f55841367cc547d0ba030
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI. Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. A malicious boxmgmt user may potentially be able to consume a large amount of CPU bandwidth to make the system slow or to determine the existence of any system file via Boxmgmt CLI.
c22adbdd431026937dde62858e1d4472
Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a local root command execution vulnerability.
644beef393e8a481559e2ac1d14d98e8
Dell EMC RecoverPoint versions prior to 5.1.2 suffer from a remote root command execution vulnerability.
6c11f1bc9ab032ba45ef40d9bb694a6f
Dell EMC RecoverPoint versions prior to 5.1.2 and Dell EMC RecoverPoint Virtual Machine (VM) versions prior to 5.1.1.3 suffer from command injection, LDAP password leak, and arbitrary file read vulnerabilities.
9df752365ddff28373f9dc6d6b03514f
EMC RecoverPoint version 4.3 suffers from an administrative CLI command injection vulnerability.
74681e8d90f13459f9d0a81fa0ea5de4
BMC BladeLogic RSCD Agent version 8.3.00.64 suffers from a Windows users disclosure vulnerability.
9a5bc055f019f7c0dbca70e7a76dd801
BMC BladeLogic version 8.3.00.64 suffers from a remote command execution vulnerability.
ea127d0bd05261df457df3bc13d2ee7e
Red-Gate SQL Monitor versions prior to 3.10 and 4.2 suffer from an authentication bypass vulnerability.
849e97fb399ffa034d865ee280f85f45
NfSen version 1.3.7 and AlienVault OSSIM version 4.3.1 suffer from a customfmt command injection vulnerability.
e7f34839cb159cbb036031d2d0f759ef
NfSen version 1.3.7 and AlienVault USM/OSSIM version 5.3.4 suffer from a remote command injection vulnerability.
a5c06ecae8b80e27d7f7876e20f6c2d1
NfSen versions 1.3.7 and below and AlienVault USM/OSSIM versions 5.3.6 and below suffer from a local privilege escalation vulnerability.
787b269cad22ea86e1c32d8ac3022b2f