This Metasploit module exploits a deserialization vulnerability in the Report.ashx page of Sitecore XP 7.5 to 7.5.2, 8.0 to 8.0.7, 8.1 to 8.1.3, and 8.2 to 8.2.7. Versions 7.2.6 and earlier and 9.0 and later are not affected. The vulnerability occurs due to Report.ashx's handler, located in Sitecore.Xdb.Client.dll under the Sitecore.sitecore.shell.ClientBin.Reporting.Report definition, having a ProcessRequest() handler that calls ProcessReport() with the context of the attacker's request without properly checking if the attacker is authenticated or not. This request then causes ReportDataSerializer.DeserializeQuery() to be called, which will end up calling the DeserializeParameters() function of Sitecore.Analytics.Reporting.ReportDataSerializer, if a "parameters" XML tag is found in the attacker's request. Then for each subelement named "parameter", the code will check that it has a name and if it does, it will call NetDataContractSerializer().ReadObject on it. NetDataContractSerializer is vulnerable to deserialization attacks and can be trivially exploited by using the TypeConfuseDelegate gadget chain. By exploiting this vulnerability, an attacker can gain arbitrary code execution as the user that IIS is running as, aka NT AUTHORITY\NETWORK SERVICE. Users can then use technique 4 of the "getsystem" command to use RPCSS impersonation and get SYSTEM level code execution.
37520d596ad5e8973bf7abf8600f04a5fcf14f78a72969dd7133167779137a26
Red Hat Security Advisory 2021-4687-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
8975c48d3ec649974d503a70b6cff4f3aad3ca04ec386c79faf177757d532bb6
Red Hat Security Advisory 2021-4692-02 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
847aeb471e1110bdfe85f6db89222e1ad85df8245b5a0cced040604401db2fac
Online Learning System version 2.0 remote code execution exploit that leverages SQL injection, authentication bypass, and file upload vulnerabilities.
e13c0631f420057004b808a4af6435c2db1224089738b4762896aa208c6c4df8
Red Hat Security Advisory 2021-4694-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.
ca09c474f0e91e916347044487070614fd45a0877ca9ed6745c44852d1a17b65
Online Reviewer System version 2.4.0 suffers from a remote SQL injection vulnerability.
a951b4ea1f880e465a51547711d52c041491cc1eb00783d7294bde50fee12b77
Red Hat Security Advisory 2021-4686-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include code execution and use-after-free vulnerabilities.
59fc608642c39ed34840ad8fa2ba4a26855f03cce93c2014dac2e17a317f839f
Red Hat Security Advisory 2021-4676-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and memory leak vulnerabilities.
59883c5350fac5ce57f9d8280e3994257d1c0e2191733108d539d4822050df66
CMDBuild version 3.3.2 suffers from cross site scripting vulnerabilities.
4734846032bacb6eee0bc2cd52d21b86df9d79d1d40b375fce87998897d9ae66
Red Hat Security Advisory 2021-4679-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and memory leak vulnerabilities.
69e5b45991a8e4e10e08110e84c38100f552d3edf30bc70c84fbc01b6394c3b4
Red Hat Security Advisory 2021-4677-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and memory leak vulnerabilities.
5c79b0730bbea92996ababbc21ca7b8b1162ab9b65016eb630060008ffaabd84
Whitepaper called Pass-The-Hash Attack on Named Pipes against ESET Server Security. Written in Spanish.
f9316a93cdca8ab23c7d80dd39ad820bd1df91d1d115107172ebf3e6abcf7799