This Metasploit module exploits a vulnerability in the SmarterTools SmarterMail software for version numbers 16.x and below or for build numbers below 6985. The vulnerable versions and builds expose three .NET remoting endpoints on port 17001, namely /Servers, /Mail and /Spool. For example, a typical installation of SmarterMail Build 6970 will have the /Servers endpoint exposed to the public at tcp://0.0.0.0:17001/Servers, where serialized .NET commands can be sent through a TCP socket connection. The three endpoints perform deserialization of untrusted data (CVE-2019-7214), allowing an attacker to send arbitrary commands to be deserialized and executed. This module exploits this vulnerability to perform .NET deserialization attacks, allowing remote code execution for any unauthenticated user under the context of the SYSTEM account. Successful exploitation results in full administrative control of the target server under the NT AUTHORITY\SYSTEM account. This vulnerability was patched in Build 6985, where the 17001 port is no longer publicly accessible, although it can be accessible locally at 127.0.0.1:17001. Hence, this would still allow for a privilege escalation vector if the server is compromised as a low-privileged user.
c00513d64b0afbcf82cfd8c3569e9b9bd32c506402e79960d11808c409ea5c44In Apache CouchDB versions prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.
adaa831a27cc8a7dbc13e63bb293d887542dcd7e9b4a0d6eb85acf4fc9076b08Odoo version 12.0.20190101 suffers from an unquoted service path vulnerability.
469df8497a4e7de028d861d23a77481ee88f1eec8fd644fb09ea4107b5e9674aNodeBB Emoji plugin version 3.2.1 suffers from an arbitrary file write vulnerability.
b8efb1e731fd411b0d82d14ee601854ed4c4affe7d5760b5648cf818e59afbaaGolden FTP Server version 4.70 PASS buffer overflow exploit.
16159dc816f140941e09c862768fbfab9dfff7504f561762b8f4cadfc2699872Erlang makes use of a cookie that can be leveraged to achieve remote code execution.
3c91fa1b316d38e294d40bca8209e79fd95b48d90b51b04f59fbb814a69e7588Sonatype Nexus version 3.21.1 suffers from an authenticated remote code execution vulnerability.
d8b1ad15495ef283352b6263e8b025b0ccf7349179f8c4e37eb756adbe9fb845H2 Database version 1.4.199 JNI code execution exploit. This exploit utilizes the Java Native Interface to load a a Java class without needing to use the Java Compiler.
8c32746a6cf9be833e68c6b86a98feaea801217d883850845670c99360385e63Gitea version 1.7.5 suffers from a remote code execution vulnerability.
1544539ce83b000103667a0a303a81c41b8f6cf76dba3ecfa900b7f4f6a20f7fPaperStream IP (TWAIN) version 1.42.0.5685 suffers from a local privilege escalation vulnerability.
28348cc78dc388c9a87f5713f56eec3911b65f88876efe3212b98acd43384138SmarterMail build version 6985 suffers from a remote code execution vulnerability.
03a34ec5b65f814667108d5769e315ba381562b01bceb44b9f6931123cc94443OpenSMTPD version 6.6.2 remote code execution exploit.
abe43f7110bb331986cc5d9ed522108c73061ac20671c668b7da6fcdfb9996c1Pachev FTP Server version 1.0 suffers from a path traversal vulnerability.
fce413bdfabb6b3915f35ab909f61f24a643c6aa052c9135d2737a1eb83f5a47FreeSWITCH version 1.10.1 suffers from a command execution vulnerability.
cf5fac441e8fe1dc7aaac84e56a66ed60a726d5a5793daf6ad13450b79035913
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed