Last updated at Fri, 04 Oct 2024 14:31:24 GMT
New module content (3)
Magento XXE Unserialize Arbitrary File Read
Authors: Heyder and Sergey Temnikov
Type: Auxiliary
Pull request: #19304 contributed by heyder
Path: gather/magento_xxe_cve_2024_34102
AttackerKB reference: CVE-2024-34102
Description: This adds an auxiliary module for an XXE which results in an arbitrary file in Magento which is being tracked as CVE-2024-34102.
Ghostscript Command Execution via Format String
Authors: Christophe De La fuente and Thomas Rinsma
Type: Exploit
Pull request: #19313 contributed by cdelafuente-r7
Path: multi/fileformat/ghostscript_format_string_cve_2024_29510
AttackerKB reference: CVE-2024-29510
Description: This adds an exploit module targeting CVE-2024-29510, a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands.
Softing Secure Integration Server v1.22 Remote Code Execution
Authors: Chris Anastasio (muffin) of Incite Team, Imran E. Dawoodjee imrandawoodjee.infosec@gmail.com, and Steven Seeley (mr_me) of Incite Team
Type: Exploit
Pull request: #19084 contributed by ide0x90
Path: windows/http/softing_sis_rce
CVE reference: ZDI-22-1156
Description: This adds a module targeting CVE-2022-1373 and CVE-2022-2334 as an exploit chain against Softing Secure Integration Server 1.22.
Enhancements and features (2)
- #19338 from adfoster-r7 - Improves error handling and progress tracking in the
auxiliary/gather/kerberos_enumusers
andgather/asrep
modules. - #19340 from adfoster-r7 - Improve
setg SessionLogging support
to work with command shells, as well as allowing logging to be turned on/off at any point - not just for newly created sessions.
Documentation
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro
NEVER MISS AN EMERGING THREAT
Be the first to learn about the latest vulnerabilities and cybersecurity news.
Subscribe Now