SAP Unauthenticated WebService User Creation

This module leverages an unauthenticated web service to submit a job which will create a user with a specified role. The job involves running a wizard. After the necessary action is taken, the job is ...

Continue Reading
U.S. Dept Of Defense: SharePoint Web Services Exposed to Anonymous Access

Summary: Any unauthenticated/anonymous users are able to access the SharePoint Web Services (.wsdl files) for the ?????????? website. Description: The SharePoint installation for this particular site ...

Continue Reading
Kentico CMS 12.0.14 Remote Command Execution Exploit

This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service S ...

Continue Reading
Kentico CMS 12.0.14 Remote Command Execution

Post ContentRead More ...

Continue Reading
RST Threat feed. IOC: https://ctldl.azureedge.net/v1/docs/wsdl

Found **https://ctldl[.]azureedge.net/v1/docs/wsdl** in [RST Th...Read More ...

Continue Reading
Improper Restriction of XML External Entity Reference in soa-model

Soa-model is a toolkit and Java API for WSDL, WADL and XML Schema. An XML External Entity (XXE) vulnerability exists in versions of soa-model prior to 1.6.4 in the WSDLParser function. This issue has ...

Continue Reading

Back to Main

Subscribe for the latest news: