This Metasploit module generates a Open API Specification 2.0 (Swagger) compliant json document that includes payload insertion points in parameters. In order for the payload to be executed, an attacker must convince someone to generate code from a specially modified swagger.json file within a vulnerable swagger-codgen appliance/container/api/service, and then to execute that generated code (or include it into software which will later be executed by another victim). By doing so, an attacker can execute arbitrary code as the victim user. The same vulnerability exists in the YAML format.
925a6c94c2aaaf2800d73d3a13675fcc5378848d10e33bb01c987d3250914670HNB version 1.9.18-10 suffers from a local buffer overflow vulnerability.
aaeae969855be3306cdcb2e32a65086c3546c2454ef4c52eae43f8d68c2a975aBigTree CMS version 4.2.11 and below suffer from a remote authenticated SQL injection vulnerability.
968aa637a70ad16367def25fb2cfce1ce28e8f27120df89d1a374a92fc0e4e5ePInfo version 0.6.9-5.1 suffers from a buffer overflow vulnerability.
bd449abb80e20ea86e7a578310b7a24726e21f5b4ffeaebf4d394e4654f4205dMyLittleForum version 2.3.5 suffers from a PHP command execution vulnerability.
2d0eb479e123885dc4f3ba4bea291050b16793c255cfefd1c779cd7cd6e61bd6Armadito suffers from a remote arbitrary file write due to a man-in-the-middle issue.
3c940d2b604802823a92dfde76f87dccff6b8a34a3da8280c1427ca2bcaf9d01PspInitializeFullProcessImageName does not correctly handle a NULL pointer being passed to it leading to a dereference at NULL for a file object which might be exploitable on 32 bit systems for elevation of privilege.
70b82482716445062d80fb96e4fdd034b32b3c939d117b27406277646b4a03a2Kagao version 3.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
3441d2b7a7e0124aa7760c90c3df1efc3b9e7bd94c8da1b4064565815f2bb51bUntangle NGFW versions 12.1.0 Beta and below execEvil() authentication root command injection exploit.
6b6b9f55e4e0320da456dbd48649b468e11cad30e125d2f8cbdbf12e0f473a27Riverbed SteelCentral NetProfiler and NetExpress versions 10.8.7 and below suffer from command injection, privilege escalation, local file inclusion, account hijacking, and remote SQL injection vulnerabilities.
00ab1d582827932b2ba3b410528854489b8967d3984a75bb1c14cd8cdf9bae86iBilling version 3.7.0 suffers from multiple stored and reflective cross site scripting vulnerabilities.
90c8a074050732437227d5b545e662c2703b13765c44c9ecfda872f7e4a5d9d0The CloudGate M2M gateway from Option suffers from an insecure direct object reference that allows for authorization bypass as well as cross site scripting vulnerabilities.
1004def6073bda6407b393c2311d74ac79b0df7f786b39ba8e7a5bac5dd631c3Parsijoo Search Engine suffers from a cross site scripting vulnerability.
0aff94920da9819f0b10ac4ae23aca660ccbdef403bc6bf45ae550e11c5f8769ASUS DSL-N55U version 3.0.0.4.376_2736 suffers from cross site scripting and information disclosure vulnerabilities.
2297595e06db7fa420a012baf7d29c1bd77b0683ceb2f735ed013c7ffe5a94beJIRA Artezio Board plugin version 1.4 suffers from cross site scripting and information disclosure vulnerabilities.
a0d144ea2b00eb5d9831c86d25439a5db48c3e97147d507ef547e9cec42fa4faJIRA Mail.ru Calendar plugin version 2.4.2.50_JIRA6 suffers from multiple cross site scripting vulnerabilities.
9db0638c04e003fb397fbec73497ef7bd2a7f509cc3b670b2cae9f8fb924d6c0LearnVest Web Application suffers from a persistent cross site scripting vulnerability.
3593feb65f3d43639b0088d9a7262d08022e8d86ddfde1a58ca8d125df0eeb33MoneyTrackin Web Application suffers from a persistent cross site scripting vulnerability.
6402aae158ad1102885aef5e05fc5dcb6d5bd711801b982df72a5e5137bc6f0cKashFlow Web Application suffers from a persistent cross site scripting vulnerability.
338cb402ee5e6e927390317c6de151a43ca0725db00590ddcd3dccc9325ecf1fToshl Finance Web Application suffers from a persistent cross site scripting vulnerability.
05e0f4399b672222077b63fac14ad7d94bae3db58b9cd280b207508479f88fb5libical versions 0.47 and 1.0 suffer from a crash issue.
e314583b6bf83ffbfdfd9a7a4875334a7dbd17311c08e56a43e14b40b4d360a7net/http in Ruby HTTP Header suffers from an injection issue.
266f4d353900c02643e4dcfa014500e23697fa6da787b60c852b929243b05e31SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.
b5ea2947c8c691e63cd8b15a2ad9c1ce3e6371ed8f9cad785fad1655ff9e56d0SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.
dd7c80c6120e1805c1954e5087e5f215c67a081881bc8f20fcaa86bfed40b75eSugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.
b0d6c09a780b84f51c2d8a829a8cad6ddf0b80bf8cd8641bb49a73cc3e3ff170
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed