Ecshop Remote Code Execution Vulnerability


Jule Kue

Aug 5, 2024, 12:50:09 AM
to anvolosua
GitLab Community Edition and GitLab Enterprise Edition are prone to remote code-execution vulnerabilities via GitHub Import. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

An email from Immunity to E-SPIN dated 29-Aug-2022 informed that D2 Elliot has been discontinued. This post is kept as an archive for those who look for the information. Exploitation frameworks traditionally focus on network penetration testing; the D2 Elliot Web Exploitation Framework for web application pentesting is focused on closing the gap. Traditional network-based exploitation frameworks lack the robust web-based exploitation functionality of manual web application security testing tools. The D2 Elliot Web Exploitation Framework for web application pentesting helps enterprises replicate real-life attacks during web application penetration testing by providing a powerful framework and efficient exploits and tools, validating vulnerability scans and revealing which data would be at risk. It is a good companion for customers in the pentesting field and complements their existing pentesting toolkit to cover web exploitation and red team operations.


D2 Elliot Web Exploitation Framework provides you with hundreds of ready-to-use web exploits and tools. Exploits can be used with several optimized payloads specially designed for each kind of vulnerability.


D2 Elliot provides several hundred exploits for web applications. When you get remote command execution on a web application, you may need to go deeper into the server and the network. Using a MOSDEF node to do that seems an efficient way.


In the D2 Exploitation Pack for Immunity CANVAS you can find d2sec_elliot; it makes available to CANVAS all the Elliot exploits which can give you remote command execution (RFI, RCE or File Upload vulnerability, for example). The most interesting part of this module is the ability to automatically gain a MOSDEF node from an Elliot exploit.


NSFOCUS NIDS/NIPS product signature upgrade package; depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.35693. This package includes changed rules:



new rules:

1. threat[31323]:Huizhi ERP Filehandle Arbitrary File Reading Vulnerability

2. threat[27708]:Holographic AI Network Operation And Maintenance Platform Command Execution Vulnerability

3. threat[31321]:Suspected Nmap Enip Scanning Behavior

4. threat[27707]:Yonyou NC UserAuthenticationServlet Deserializes RCE Vulnerability

5. threat[27704]:Redhaven EHR kqFile.mob Arbitrary File Upload Vulnerability

6. threat[31325]:Tianwen Property ERP System VacantDiscountDownLoad Arbitrary File Reading Vulnerability

7. threat[31326]:Tianwen Property ERP System ParkingFeelFileDownLoad.aspx Arbitrary File Reading Vulnerability

8. threat[31322]:31322 HuatianPower OA downloadWpsFile Arbitrary File Reading vulnerability

9. threat[27709]:SpringBlade tenant/list SQL Injection Vulnerability(CVE-2024-33332)

10. threat[27710]:SpringBlade dict-biz/list SQL Injection Vulnerability

11. threat[27712]:Spring Cloud Data Flow Remote Code Execution Vulnerability (CVE-2024-37084)

12. threat[27713]:FineVis data visualization plugin arbitrary file write vulnerability











Announcements:

1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause the loss of 3-5 packets in a ping operation; please update at a suitable time.


NSFOCUS NIDS/NIPS product signature upgrade package; depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.35656. This package includes changed rules:



new rules:

1. threat[27681]:Landray EIS org_examine SQL Injection Vulnerability

2. threat[27682]:Kexun Campus Card Management System Multiple SQL Injection Vulnerability

3. threat[27683]:WeChat Public Platform Unlimited Callback System /user/ajax.php SQL Injection Vulnerability

4. threat[27685]:Wanhu OA file2Html.controller Arbitrary File Upload

5. threat[27686]:Tongda OA get_columns.php SQL Injection Vulnerability

6. threat[27684]:Ketuoquan Intelligent Parking Toll System Webservice.asmx Arbitrary File Upload Vulnerability

7. threat[42113]:Goby Tool Scans For Attack Detection _2

8. threat[27688]:FineReport soft report view form SQL Injection Vulnerability

9. threat[27687]:FineReport Arbitrary File Upload Vulnerability

10. threat[42114]:Nmap OS System Scanning Behavior

11. threat[27689]:Fujian Kelixun Communication Command and Dispatch Management Platform invite_one_ptter Remote Command Execution Vulnerability

12. threat[27690]:Yonyou KSOA PreviewKPQT SQL Injection Vulnerability

13. threat[27669]:Dahua Smart Park channels SQL Injection Vulnerability

14. threat[27691]:Feixun Cloud-WMS /MyDown/MyImportData front-end SQL injection vulnerability

15. threat[27692]:TOTOLINK apcli_do_enr_pin_wps Command Execution Vulnerability

16. threat[27693]:Lenovo Cloud Disk Arbitrary User Login Vulnerability

17. threat[27694]:Fanwei E-Mobile system installOperate interface SSRF vulnerability





update rules:

1. threat[31316]:Apache Pulsar Directory Traversal Vulnerability(CVE-2024-27317)

2. threat[30869]:E-office leave_record.php SQL Injection Vulnerability





Announcements:

1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause the loss of 3-5 packets in a ping operation; please update at a suitable time.


NSFOCUS NIDS/NIPS product signature upgrade package; depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.35615. This package includes changed rules:





new rules:

1. threat[31312]:Glodon Linkworks GetAllData Information Leakage Vulnerability

2. threat[27665]:Landray EIS DingUsers.aspx SQL Injection Vulnerability

3. threat[27666]:Weaver e-cology9 WorkPlanService front-end SQL Injection Vulnerability

4. threat[27676]:Seeyon OA ConstDef Interface Remote Code Execution Vulnerability

5. threat[27670]:DedeCMS article_template_rand.php Remote Code Execution Vulnerability

6. threat[31315]:Yonyou U9cloud TransWebService.asmx Information Leakage Vulnerability

7. threat[27674]:DedeCMS sys_verizes.php Remote Code Execution Vulnerability

8. threat[27672]:Yonyou CRM customer relationship management system import.php arbitrary file upload vulnerability

9. threat[27675]:Allegra Excel Import Insecure Deserialization Vulnerability(CVE-2024-22506)

10. threat[31316]:Apache Pulsar Directory Traversal Vulnerability(CVE-2024-27317)

11. threat[27668]:Glodon OA arbitrary file read vulnerability





update rules:

1. threat[31310]:Runqian report dataSphereServlet Arbitrary File Read Vulnerability

2. threat[27652]:FanRuan ReportingV10 ReportServer SQL Injection Vulnerability

3. threat[27657]:Magicflue mailupdate.jsp Interface Arbitrary File Upload Vulnerability(CVE-2024-28441)





Announcements:

1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause the loss of 3-5 packets in a ping operation; please update at a suitable time.


NSFOCUS NIDS/NIPS product signature upgrade package; depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.35564. This package includes changed rules:





new rules:

1. threat[27643]:Fujian Kelixun Communication Command and Dispatch Management Platform ajax_users.php SQL Injection Vulnerability

2. threat[27640]:Tongtianxing CMS V6 Vehicle Positioning Monitoring Platform disables SQL Injection Vulnerability

3. threat[31305]:Tianwen Property ERP System AreaAvatarDownLoad.aspx Arbitrary File Reading Vulnerability

4. threat[27641]:Yisaitong Electronic Document Security Management System NoticeAjax Interface SQL Injection Vulnerability

5. threat[27642]:Yisaitong Electronic Document Security Management System NetSecConfigAjax Interface SQL Injection Vulnerability

6. threat[27644]:1Panel front-end SQL injection vulnerability (CVE-2024-39911)

7. threat[27652]:FanRuan ReportingV10 ReportServer SQL Injection Vulnerability

8. threat[27654]:TRS Arbitrary File Upload Vulnerability

9. threat[27648]:Yonyou U8 Cloud KeyWordDetailReportQuery And KeyWordReportQuery SQL Injection Vulnerability

10. threat[27645]:Hikvision Integrated Security Management Platform detection Front-end RCE Vulnerability

11. threat[27651]:Inspur Cloud Financial System Command Execution Vulnerability

12. threat[27650]:Fujian Kelixun Communication Command and Dispatch Management Platform invite_one_member Remote Command Execution Vulnerability



update rules:

1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228/CVE-2021-45046)





Announcements:

1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause the loss of 3-5 packets in a ping operation; please update at a suitable time.


NSFOCUS NIDS/NIPS product signature upgrade package; depends on firmware version at least 5.6R10F00 and engine version 5.6R10F00. This is a total upgrade package. After the upgrade package is imported, the firmware version and engine version will not change; the signature version will change to 5.6.10.35535. This package includes changed rules:



new rules:

1. threat[27633]:Weaver e-cology background code execution vulnerability

2. threat[27639]:Landray OA front-end code execution vulnerability



update rules:

1. threat[27352]:Landray OA dataxml.jsp Remote Code Execution Vulnerability

2. threat[26425]:Weaver ecology Login Bypass Vulnerability





Announcements:

1. After updating the package, the engine will restart automatically. This will not interrupt sessions, but will cause the loss of 3-5 packets in a ping operation; please update at a suitable time.
