New module content (2)
Unauthenticated RCE in NetAlertX
Authors: Chebuya (Rhino Security Labs) and Takahiro Yokoyama
Type: Exploit
Pull request: #19868 contributed by Takahiro-Yoko
Path: linux/http/netalertx_rce_cve_2024_46506
AttackerKB reference: CVE-2024-46506
Description: A new module for an unauthenticated remote code execution bug in NetAlertX (CVE-2024-46506). An unauthenticated attacker can change the system configuration and then compel the application to run arbitrary system commands, leading to remote code execution.
mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407)
Author: Michael Heinzl
Type: Exploit
Pull request: #19846 contributed by h4x-x0r
Path: windows/scada/mypro_mgr_cmd
AttackerKB reference: CVE-2024-47407
Description: A module for mySCADA myPRO Manager exploiting a command injection vulnerability (CVE-2024-47407) in the email parameter.
Enhancements and features (2)
#19851 from zeroSteiner - Updates the ad_cs_cert_template module to parse and display the flags field.
#19869 from adfoster-r7 - Removes the datastore_fallbacks feature flag and the corresponding code now that it is enabled by default.
Bugs fixed (3)
#19729 from sempervictus - Adds a fix for when an msfuser has established a shell ..