Now I Control Your Resource Planning Servers
Sage X3 is a resource planning product designed by Sage Group which is designed
to help established businesses plan out their business operations. But what if
you wanted to do more than just manage resources? What if you wanted to hijack
the resource server itself? Well wait no more, as thanks to the work of Aaron
Herndon [https://www.linkedin.com/in/aaron-herndon-54079b5a/], Jonathan Peterson
New modules for Nagios, Chrome, and Haserl targets, and also many improvements and fixes!
Exploits for Oracle Solaris CVE-2020-14871 and Windows 7 CVE-2020-1054, plus enhancements and bug fixes for Railgun and msfdb init. Happy HaXmas!
SharePoint DataSet/DataTable deserialization
First up we have an exploit from Spencer McIntyre (@zeroSteiner) for
deserialization vulnerability in SharePoint instances that was patched by
Microsoft on July 14th 2020 and which has been getting quite a bit of attention
in the news lately. This module
[https://github.com/rapid7/metasploit-framework/pull/13920] utilizes Steven
Seeley (@stevenseeley)'s writeup al
Nine new modules, including three IBM Data Risk Manager exploits, a couple Windows privilege elevation modules, and a .NET deserialization exploit for Veeam ONE Agent. Plus, a new .NET deserialization tool that allows users to generate serialized payloads in the vein of YSoSerial.NET.