This module chains together three vulnerabilities to deploy a Core Impact agent with root privileges. The first vulnerability, CVE-2023-46805, is used to obtain the exact version of Ivanti Connect Secure installed on the system. Next, the module exploits a second vulnerability, CVE-2024-21893, which allows the attacker to access certain restricted resources without authentication by leveraging a flaw in the SAML component. Finally, the module uses a third vulnerability, CVE-2024-21887, which enables remote code execution with elevated privileges in the management component, facilitating the injection and execution of the Core Impact agent with root privileges. This update also fixes a duplicated CVE in the module output.

A SQL injection vulnerability in Fortra FileCatalyst Workflow versions 5.1.6 build 135 and earlier allows remote attackers, including anonymous ones, to perform SQL injection via the JOBID parameter.

This could lead to the execution of unauthorized SQL commands, such as table deletion or admin user creation. Without authenticating, this module creates an administrative user and then authenticates as the newly created user to assess whether the system is vulnerable.

An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable server. Successful exploitation would allow an attacker to read files from the underlying operating system, which may include sensitive information such as user data (which may include encrypted passwords).
CVE-2024-21887

An authenticated user can exploit a command injection vulnerability in the web components of Ivanti Connect Secure and Policy Secure (9.x and 22.x) to execute arbitrary commands.



CVE-2023-46805 is an authentication bypass vulnerability in the web component of Ivanti Connect Secure. This vulnerability allows an attacker to bypass control checks and access restricted resources. It affects all supported versions of Ivanti ICS and Policy Secure 9.x and 22.x.