Skip to content

Goby Beta 2.2.0

Latest
Latest
Compare
Choose a tag to compare
@gobysec gobysec released this 17 Jan 10:55
· 4 commits to master since this release
Beta2.2.0
0257c6d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

In this update

Community version update:

  1. New memory shell plugin
  2. ShellHub plugin update
  3. Vulnerability module added a function to generate deserialization Payload, through the memory shell injection process
  4. Five Java deserialization vulnerabilities were added, including
  • Bonitasoft Platform serverAPI Deserialization Vulnerability
  • Liferay Portal Unauthenticated 7.2.1 C3P0 Deserialization Vulnerability (CVE-2020-7961)
  • ManageEngine OpManager Deserialization Vulnerability (CVE-2020-28653)
  • Zkteco Shiro Deserialization Vulnerability
  • ZOHO ManageEngine Password Manager Pro Deserialization Vulnerability
  1. Fixed the problem that the environment variable http_proxy caused Goby to report errors abnormally
  2. Goby can now be updated online and vulnerabilities can be updated even if Goby is not in the Mac system Application directory
  3. Fixed the problem of occasional white horizontal lines in Goby
  4. remove network error report

Red team/Enterprise version update content

  1. All update content of 2.2.0 community version
  2. 20 new deserialization vulnerabilities were added, including
  • Apache OFBiz xmlrpc Deserialization Vulnerability (CVE-2020-9496)
  • Apereo CAS Before 4.1.7 Deserialization Vulnerability
  • Dreamer CMS Shiro Deserialization Vulnerability
  • EasyReport Shiro Deserialization Vulnerability
  • FEBS Shiro Deserialization Vulnerability
  • FH Admin Shiro Deserialization Vulnerability
  • FineReport V10 Deserialization RCE Vulnerability
  • ForgeRock AM Deserialization Vulnerability (CVE-2021-35464)
  • Guns Shiro Deserialization Vulnerability
  • J2eeFAST Shiro Deserialization Vulnerability
  • JavaWeb_Layui Shiro Deserialization Vulnerability
  • Liferay Portal 6.1.1 CE GA2 CB Deserialization Vulnerability
  • MCMS Shiro Deserialization Vulnerability (CVE-2022-22928)
  • OneBlog Shiro Deserialization Vulnerability
  • pb-cms Shiro Deserialization Vulnerability
  • QVIS-NVR Camera Management System RCE (CVE-2021-41419)
  • RuoYi-plus Shiro Deserialization Vulnerability
  • TIMO Shiro Deserialization Vulnerability
  • Ysk ERP Shiro Deserialization Vulnerability

Zkteco Shiro Deserialization Vulnerability

5s8l2F.gif

Apache OFBiz xmlrpc Deserialization Vulnerability (CVE-2020-9496)

5s8l2F.gif

Assets 4