New module content (2)

GitLab Tags RSS feed email disclosure
Authors: erruquill and n00bhaxor
Type: Auxiliary
Pull request: #18821 contributed by n00bhaxor
Path: gather/gitlab_tags_rss_feed_email_disclosure
AttackerKB reference: CVE-2023-5612
Description: This adds an auxiliary module that leverages an information disclosure vulnerability (CVE-2023-5612) in GitLab versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 to retrieve user email addresses via the tags feed.

BoidCMS Command Injection
Authors: 1337kid and bwatters-r7
Type: Exploit
Pull request: #18827 contributed by bwatters-r7
Path: multi/http/cve_2023_38836_boidcms
AttackerKB reference: CVE-2023-38836
Description: This PR adds an authenticated RCE against BoidCMS versions 2.0.0 and earlier. The underlying issue in CVE-2023-38836 is that the file upload check allows a PHP file to be uploaded and executed as a media file if the GIF header is present in the PHP file.

Enhancements and features (11)

#18686 from h00die – This updates the existing auxiliary/scanner/ssh/ssh_version module with new checks for supported cryptographic algorithms and version detection capabilities.
#18715 from errorxyz – This adds a Splunk library for use by future modules. It also updates the existing exploit/multi/http/splunk_privilege_escalation_cve_2023_32707 module to use it.
#18796 from errorxyz – This updates the ManageEngine Endpoint Central and ServiceDesk Plus RCE modules for CVE-2022-47966…