CVE-2023-2935

Related Files

Sharepoint Dynamic Proxy Generator Remote Command Execution

Posted Mar 27, 2024

Authored by Jang, jheysel-r7 | Site metasploit.com

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled and executed by Sharepoint allowing attackers to remotely execute commands via the API.

tags | exploit, remote, web, vulnerability

advisories | CVE-2023-24955, CVE-2023-29357

SHA-256 | 3b1724367c87a328eb0a2106c305037f2a413ec6310fe39613f91e443e4e1a9c

Download | Favorite | View

Gentoo Linux Security Advisory 202401-34

Posted Jan 31, 2024

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.

tags | advisory, remote, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2023-2312, CVE-2023-2929, CVE-2023-2930, CVE-2023-2931, CVE-2023-2932, CVE-2023-2933, CVE-2023-2934, CVE-2023-2935, CVE-2023-2936, CVE-2023-2937, CVE-2023-2938, CVE-2023-2939, CVE-2023-2940, CVE-2023-2941

SHA-256 | 7972c2b3410fb4ff7bc260ff0dcbf543f3953812125be87b697341fdd176fb86

Download | Favorite | View

Chrome v8::internal::Object::SetPropertyWithAccessor Type Confusion

Posted Jun 30, 2023

Authored by Google Security Research, Glazvunov

Google Chrome version 112.0.5615.137 and Chromium version 115.0.5737.0 suffer from a type confusion vulnerability in v8::internal::Object::SetPropertyWithAccessor.

tags | exploit

advisories | CVE-2023-2935

SHA-256 | ca1ae2932c65327ead4a64b612c744bc25a9a0ee96064ba953dcf011ba640f7e

Download | Favorite | View

Debian Security Advisory 5418-1

Posted Jun 5, 2023

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5418-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

tags | advisory, denial of service, arbitrary, info disclosure

systems | linux, debian

advisories | CVE-2023-2929, CVE-2023-2930, CVE-2023-2931, CVE-2023-2932, CVE-2023-2933, CVE-2023-2934, CVE-2023-2935, CVE-2023-2936, CVE-2023-2937, CVE-2023-2938, CVE-2023-2939, CVE-2023-2940, CVE-2023-2941

SHA-256 | 84a636d11c6341fab403959a6a9d66ba7ff37699e8e47df760c6f1c8fe61267c

Download | Favorite | View