12 - 2022 - :: Deepquest ::

>> OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption

USER: deepcore // 2022-12-01 // 0 CMT

OX App Suite versions 7.10.6 and below suffer from cross site scripting, server-side request forgery, and resource exhaustion vulnerabilities.

[EXPLOIT]

>> Microsoft Exchange ProxyNotShell Remote Code Execution

USER: deepcore // 2022-12-01 // 0 CMT

This Metasploit module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange Powershell backend (CVE-2022-41040), where a deserialization flaw can…

[EXPLOIT]

>> perfSONAR 4.4.4 Open Proxy / Relay

USER: deepcore // 2022-12-01 // 0 CMT

perfSONAR bundles with it a graphData.cgi script, used to graph and visualize data. There is a flaw in graphData.cgi allowing for unauthenticated users to proxy and relay HTTP/HTTPS traffic through…

[EXPLOIT]

>> perfSONAR 4.4.5 Cross Site Request Forgery

USER: deepcore // 2022-12-01 // 0 CMT

A partial blind cross site request forgery (CSRF) vulnerability exists in perfSONAR versions 4.x through 4.4.5 within the /perfsonar-graphs/ test results page. Parameters and values can be injected/passed via the…

>> OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption

Share this:

>> Microsoft Exchange ProxyNotShell Remote Code Execution

Share this:

>> perfSONAR 4.4.4 Open Proxy / Relay

Share this:

>> perfSONAR 4.4.5 Cross Site Request Forgery

Share this: