This module chains together three vulnerabilities to deploy a Core Impact agent with root privileges. The first vulnerability, CVE-2023-46805, is used to obtain the exact version of Ivanti Connect Secure installed on the system. Next, the module exploits a second vulnerability, CVE-2024-21893, a flaw in the SAML component that allows the attacker to access certain restricted resources without authentication. Finally, the module uses a third vulnerability, CVE-2024-21887, which enables remote code execution with elevated privileges in the management component, facilitating the injection and execution of the Core Impact agent with root privileges. This update also fixes a duplicated CVE in the module output.
A server-side request forgery (SSRF) vulnerability has been identified in the SAML component of Ivanti Connect Secure (versions 9.x and 22.x), Ivanti Policy Secure (versions 9.x and 22.x), and Ivanti Neurons for ZTA. This vulnerability, designated CVE-2024-21893, allows an attacker to access restricted resources without authentication.
An XML External Entity Reference and a heap buffer overflow in the iconv() function of the GNU C Library allow unauthenticated remote attackers to execute system commands in Magento eCommerce Web Sites. This update adds module documentation and fixes some errors.
The Windows NT operating system kernel executable (ntoskrnl.exe) present in Microsoft Windows is vulnerable to a race condition, which can result in arbitrary memory write. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges.
The vulnerability exists due to a boundary error within the Windows DWMCORE library. A local user can trigger a heap-based buffer overflow and execute arbitrary code as the DWM user with System integrity privileges.
An SQL Injection vulnerability in the Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
A combination of a server-side request forgery vulnerability and an arbitrary file write vulnerability allows unauthenticated attackers to execute commands with SYSTEM privileges in Microsoft Exchange Server.
This update adds several parameters for module flexibility, increases log verbosity on errors, and fixes a bug when using autodiscover to retrieve the email SID.
A SQL injection vulnerability in Fortra FileCatalyst Workflow versions 5.1.6 build 135 and earlier allows remote attackers, including anonymous ones, to exploit a SQL injection via the JOBID parameter.
This could lead to unauthorized execution of SQL commands, such as table deletion or admin user creation. Without authenticating, this module creates an administrative user and then authenticates as that newly created user to assess whether the system is vulnerable.
This update adds reliability improvements to check if the target is vulnerable.