This Metasploit module exploits a buffer overflow condition in Ivanti Avalanche MDM versions prior to 6.4.1. An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in arbitrary code execution with the NT/AUTHORITY SYSTEM permissions. This vulnerability occurs during the processing of 3/5/8/100/101/102 item data types. The program tries to copy the item data using qmemcopy to a fixed size data buffer on stack. Upon successful exploitation the attacker gains full access to the target system. This vulnerability has been tested against Ivanti Avalanche MDM version 6.4.0.0 on Windows 10.
f923d88a736ee1b1d58c5f717428d9695cfc5a4107837de0f4006d0c4a042202VMware vRealize Log Insights versions 8.x contain multiple vulnerabilities, such as directory traversal, broken access control, deserialization, and information disclosure. When chained together, these vulnerabilities allow a remote, unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. This Metasploit module achieves code execution via triggering a RemotePakDownloadCommand command via the exposed thrift service after obtaining the node token by calling a GetConfigRequest thrift command. After the download, it will trigger a PakUpgradeCommand for processing the specially crafted PAK archive, which then will place the JSP payload under a certain API endpoint (pre-authenticated) location upon extraction for gaining remote code execution. Successfully tested against version 8.0.2.
2e4132d3093987ff065179429e52ff5e9baad8185fde7f58136c18d0aa950a90This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious JSP payload with the SYSTEM user permissions.
6932d8048db104bdeaa927b23fea68a29152e32fd74b6498bd70fa53bbc37270Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails. Maltrail versions below 0.54 suffer from a command injection vulnerability. The subprocess.check_output function in mailtrail/core/http.py contains a command injection vulnerability in the params.get("username") parameter. An attacker can exploit this vulnerability by injecting arbitrary OS commands into the username parameter. The injected commands will be executed with the privileges of the running process. This vulnerability can be exploited remotely without authentication. Successfully tested against Maltrail versions 0.52 and 0.53.
f42530359a3ac22211393c29f331afc963e4710bc19c82c302c697b368291bbcRaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. Successfully tested against RaspAP 2.8.0 and 2.8.7.
abc5a8577c76d38277377259204d36eaaa8e98293d1ed4d1030fb74de2c622f0This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may lead to remote code execution due to the rudder role in PostgreSQL having superuser permissions by default.
4a7457a1bba3ccf6db3434ee961f2c065cceb465b7e915484a770c32bf4d7babThis Metasploit module triggers a denial of service vulnerability in the Flexense HTTP server. The vulnerability is caused by a user mode write access memory violation and can be triggered with rapidly sending a variety of HTTP requests with long HTTP header values. Multiple Flexense applications that are using Flexense HTTP server versions 10.6.24 and below are vulnerable.
813816198b6e0b95d0076b6edc4437a705a53f10378492556a643fa2b78999b8This Metasploit module exploits the broken access control vulnerability in Seagate Central External NAS Storage device. Subject product suffers several critical vulnerabilities such as broken access control. It makes it possible to change the device state and register a new admin user which is capable of SSH access.
0c0244a7cf8607e5471c8c892d6c5977f98fef410819f0a4cba83bca34b40d39This Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1 victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP specific XOR key from panel gate and registers a new victim to the panel with adding the selected payload inside the victim logs.
eead6190f3debc909c6e03fa4150c29da6936794b738a1702f89596b906fc97fThis Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018 can be exploited by unauthenticated attackers to gain remote code execution as user running the web server. Agent Tesla panels released on or after this date can still be exploited however, provided that attackers have valid credentials for the Agent Tesla control panel. Note that this module presently only fully supports Windows hosts running Agent Tesla on the WAMP stack. Support for Linux may be added in a future update, but could not be confirmed during testing.
642ae2da08c3ed900b9c3760d13a2d1c0fb0e0de2dd1b41ae42a606c6a1d18a4This Metasploit module exploits a command injection vulnerability in the Tesla Agent botnet panel.
876b39d059c2458870a9edb00f5e9ea2bde939c9e1996b04940938a90e33aa73This Metasploit module exploits the file upload vulnerability of baldr malware panel in order to achieve arbitrary code execution.
4da9fd2ffdcce769456b0f4efa3464cdc760398d6c00430570f596892e606f78LG Smart IP Camera versions 1310250 through 1508190 suffer from a backup file download vulnerability.
820fc8e28c9d778e8a53e43683b6d1d6c825652c7153e65996eb830e5883d51cWhitepaper called Art of Anti Detection 3 - Shellcode Alchemy.
7f075295a13fdda638ecb5a0b6b409afff465f5392326ea9d499f0b1349bb5cf182 bytes small Windows x86 hide console window shellcode.
5a475c2729215cab99a83fdd03f3a296fdd1fb434f4dfd526bcaa8127b8b78ac229 bytes small Windows x86 protect process shellcode.
b8fe8bc29e25d0326cace2297fc1684495e84eb4288f471a99b735848293e156Whitepaper called Art Of Anti Detection - Introduction To AV And Detection Techniques.
a3d2c3fb66656a1629aa37db4e9b2a6ab6c741f48b9463b735ca85bf407b3fbd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed