TOP 21 Remote Code Execution Exploits #RCE #InTheWild

Germán Fernández Bacian
Apr 22, 2019

These are the 21 most important exploits released so far this year that are associated with remote code execution, through which an attacker could easily compromise the corporate network to gain access to critical information.

  1. Zimbra ≤ 8.7.11: https://sploitus.com/exploit?id=EDB-ID:46693 (12–04–2019)
  2. Jenkins 2.137 / 2.150: https://github.com/MarioBartolome/Jenkins-pRCE-exploit (15–03–2019) / https://cxsecurity.com/issue/WLB-2019020120 (13–02–2019)
  3. Oracle Weblogic Server (Raw Object): https://0day.today/exploit/32436 (28–03–2019)
  4. Palo Alto Networks PAN-OS ≤ 8.0.6: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/panos_readsessionvars.rb
  5. Splunk Enterprise 7.2.4: https://0day.today/exploits/32300 (04–03–2019)
  6. Nagios XI 5.5.10: https://packetstormsecurity.com/files/152496/Nagios-XI-5.5.10-XSS-Remote-Code-Execution.html (12–04–2019)
  7. PRTG Network Monitor 18.2.38: https://sploitus.com/exploit?id=EDB-ID:46527 (11–03–2019)
  8. Dell KACE Systems Management Appliance (K100) ≤ 6.4.120756: https://vulners.com/zdt/1337DAY-ID-32526 (10–04–2019)
  9. Rails 5.2.2: https://github.com/mpgn/Rails-doubletap-RCE (23–03–2019)
  10. PHP 7.2 imagecolormatch(): https://0day.today/exploit/32508 (09–04–2019)
  11. LimeSurvey < 3.16: https://0day.today/exploit/32470 (02–04–2019)
  12. Moodle 3.4.1: https://0day.today/exploit/32358 (15–03–2019)
  13. WordPress 5.0 Core: https://www.exploit-db.com/exploits/46511 (01–03–2019)
  14. Drupal ≤ 8.6.9: https://0day.today/exploit/32314 (06–03–2019)
  15. Microsoft Windows MSHTML Engine: https://0day.today/exploit/32350 (13–03–2019)
  16. Microsoft .contact File RCE: https://www.exploit-db.com/exploits/46188 (17–01–2019) (https://vimeo.com/311759191)
  17. Apache Axis 1.4: https://www.exploit-db.com/exploits/46682 (09–04–2019)
  18. Apache UNO / LibreOffice 6.1.2 / OpenOffice 4.1.6 API: https://0day.today/exploit/32356 (14–03–2019)
  19. Cisco RV130W / RV320 / RV325: https://www.exploit-db.com/exploits/46705 (15–04–2019) / https://github.com/0x27/CiscoRV320Dump (15–02–2019)
  20. Webmin ≤ 1.900: https://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec (14–03–2019)
  21. ManageEngine Applications Manager < 14: https://sploitus.com/exploit?id=PACKETSTORM:152565 (18–04–2019)

As a recommendation, keep critical software and hardware updated to the latest available version, install the security patches suggested by the vendors, and stay informed about the latest vulnerabilities associated with your technologies and versions.

Germán Fernández
www.cronup.com
