New module content (4)

GameOver(lay) Privilege Escalation and Container Escape
Authors: bwatters-r7, g1vi, gardnerapp, and h00die
Type: Exploit
Pull request: #19460 contributed by gardnerapp
Path: linux/local/gameoverlay_privesc
AttackerKB reference: CVE-2023-2640
Description: Adds a module for CVE-2023-2640 and CVE-2023-32629, a local privilege escalation in some Ubuntu kernel versions that abuses overly trusting OverlayFS features.

Clinic's Patient Management System 1.0 – Unauthenticated RCE
Authors: Aaryan Golatkar and Oğulcan Hami Gül
Type: Exploit
Pull request: #19733 contributed by aaryan-11-x
Path: multi/http/clinic_pms_fileupload_rce
AttackerKB reference: CVE-2022-40471
Description: New exploit module for Clinic's Patient Management System 1.0 that targets CVE-2022-40471. The module exploits unrestricted file upload, which can be further used to get remote code execution (RCE) through a malicious PHP file.

WordPress WP Time Capsule Arbitrary File Upload to RCE
Authors: Rein Daelman and Valentin Lobstein
Type: Exploit
Pull request: #19713 contributed by Chocapikk
Path: multi/http/wp_time_capsule_file_upload_rce
AttackerKB reference: CVE-2024-8856
Description: This exploits a remote code execution (RCE) vulnerability (CVE-2024-8856) in the WordPress WP Time Capsule plugin (versions ≤ 1.22.21). This vulnerability allows unauthenticated attackers to upload and execute arbitrary files due to improper validation within the plugin.

WSO2 API Manager Documentation File…