all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Sharepoint Dynamic Proxy Generator Remote Command Execution

Add to bookmarks
March 27, 2024, 2:52 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, …

admin attackers authentication authentication bypass bypass command cve cve-2023-29357 dynamic exploits generator june may metasploit noted proxy remote command execution sharepoint vulnerabilities vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

Wireshark Analyzer 4.2.5 2 days, 7 hours ago | packetstormsecurity.com
capture code commercial features +14
Packet Fence 13.2.0 2 days, 7 hours ago | packetstormsecurity.com
abnormal access access control a network +21
SIPPTS 4.0 2 days, 7 hours ago | packetstormsecurity.com
audit check devices protocol +13
Debian Security Advisory 5692-1 2 days, 7 hours ago | packetstormsecurity.com
advisory arbitrary code code debian +18
Debian Security Advisory 5691-1 2 days, 7 hours ago | packetstormsecurity.com
advisory arbitrary code browser clickjacking +16
Debian Security Advisory 5689-1 2 days, 7 hours ago | packetstormsecurity.com
advisory arbitrary code aware chromium +19
Debian Security Advisory 5690-1 2 days, 7 hours ago | packetstormsecurity.com
advisory click debian debian linux security +11
Ubuntu Security Notice USN-6766-2 2 days, 7 hours ago | packetstormsecurity.com
action attacker conditions denial of service +16
Red Hat Security Advisory 2024-2852-03 2 days, 7 hours ago | packetstormsecurity.com
advisory apache build developer +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Security Operations Manager-West Coast

@ The Walt Disney Company | USA - CA - 2500 Broadway Street
View on infosec-jobs.com

Vulnerability Analyst - Remote (WFH)

@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US
View on infosec-jobs.com

Senior Mainframe Security Administrator

@ Danske Bank | Copenhagen V, Denmark
View on infosec-jobs.com