This Metasploit module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx's handler, located in Sitecore.Xdb.Client.dll under the Sitecore.sitecore.shell.ClientBin.Reporting.Report definition, having a ProcessRequest() handler that calls ProcessReport() with the context of the attacker's request without properly checking if the attacker is authenticated or not. This request then causes ReportDataSerializer.DeserializeQuery() to be called, which will end up calling the DeserializeParameters() function of Sitecore.Analytics.Reporting.ReportDataSerializer, if a "parameters" XML tag is found in the attacker's request. Then for each subelement named "parameter", the code will check that it has a name and if it does, it will call NetDataContractSerializer().ReadObject on it. NetDataContractSerializer is vulnerable to deserialization attacks and can be trivially exploited by using the TypeConfuseDelegate gadget chain. By exploiting this vulnerability, an attacker can gain arbitrary code execution as the user that IIS is running as, aka NT AUTHORITY\NETWORK SERVICE. Users can then use technique 4 of the "getsystem" command to use RPCSS impersonation and get SYSTEM level code execution.
37520d596ad5e8973bf7abf8600f04a5fcf14f78a72969dd7133167779137a26Red Hat Security Advisory 2021-4687-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
8975c48d3ec649974d503a70b6cff4f3aad3ca04ec386c79faf177757d532bb6Red Hat Security Advisory 2021-4692-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
847aeb471e1110bdfe85f6db89222e1ad85df8245b5a0cced040604401db2facOnline Learning System version 2.0 remote code execution exploit that leverages SQL injection, authentication bypass, and file upload vulnerabilities.
e13c0631f420057004b808a4af6435c2db1224089738b4762896aa208c6c4df8Red Hat Security Advisory 2021-4694-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.
ca09c474f0e91e916347044487070614fd45a0877ca9ed6745c44852d1a17b65Online Reviewer System version 2.4.0 suffers from a remote SQL injection vulnerability.
a951b4ea1f880e465a51547711d52c041491cc1eb00783d7294bde50fee12b77Red Hat Security Advisory 2021-4686-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include code execution and use-after-free vulnerabilities.
59fc608642c39ed34840ad8fa2ba4a26855f03cce93c2014dac2e17a317f839fRed Hat Security Advisory 2021-4676-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and memory leak vulnerabilities.
59883c5350fac5ce57f9d8280e3994257d1c0e2191733108d539d4822050df66CMDBuild version 3.3.2 suffers from cross site scripting vulnerabilities.
4734846032bacb6eee0bc2cd52d21b86df9d79d1d40b375fce87998897d9ae66Red Hat Security Advisory 2021-4679-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and memory leak vulnerabilities.
69e5b45991a8e4e10e08110e84c38100f552d3edf30bc70c84fbc01b6394c3b4Red Hat Security Advisory 2021-4677-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and memory leak vulnerabilities.
5c79b0730bbea92996ababbc21ca7b8b1162ab9b65016eb630060008ffaabd84Whitepaper called Pass-The-Hash Attack on Named Pipes against ESET Server Security. Written in Spanish.
f9316a93cdca8ab23c7d80dd39ad820bd1df91d1d115107172ebf3e6abcf7799
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed