This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: AspectSoftware Unified IP Unified Director - Unauthenticated File Upload and SMB Coercion Attack | |
| # Date: 12/08/2024 | |
| # CVE-2024-56973 | |
| # Exploit Authors: Victor A. Morales, GM Sectec Inc. | |
| # Vendor Homepage: https://www.alvaria.com/ | |
| # Affected Versions: < 7.4 SP2 | |
| # Platform: Windows | |
| # Description (Unauthenticated File Upload) | |
| The file ProcessUploadFromURL.jsp used in Unified IP Unified Director below versions 7.4 SP2, allows arbitrary files to be uploaded from a remote server to the same directory where ProcessUploadFromURL.jsp is located without prior authentication. This allows an attacker to upload a malicious JSP file by specifying a remote server and file in the source and filename parameters respectively. The file can then be accessed by navigating to "/UnifiedDirector/<file>", leading to remote code execution. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Instant Financial Issuance (On Premise) Software (formerly CardWizard) - Sensitive Information Disclosure | |
| # Date: 08/20/2024 | |
| # Exploit Authors: Victor A. Morales, Omar A. Crespo, GM Sectec Inc. | |
| # Vendor Homepage: https://trustedcare.entrust.com/login | |
| # Version: 6.10.0, 6.9.0, 6.9.1, 6.9.2, 6.8.x and older | |
| # Instant Financial Issuance as a Service (8.x) is not affected. | |
| # Fix: Entrust Security Bulletin E24-003 | |
| # Tested on: Windows Server 2019 Standard Build 17763 | |
| # CVE: CVE-2024-39341 |
NewerOlder