This Metasploit module generates an Open API Specification 2.0 (Swagger) compliant JSON document that includes payload insertion points in parameters. In order for the payload to be executed, an attacker must convince someone to generate code from a specially modified swagger.json file within a vulnerable swagger-codegen appliance/container/api/service, and then to execute that generated code (or include it in software which will later be executed by another victim). By doing so, an attacker can execute arbitrary code as the victim user. The same vulnerability exists in the YAML format.
925a6c94c2aaaf2800d73d3a13675fcc5378848d10e33bb01c987d3250914670
HNB version 1.9.18-10 suffers from a local buffer overflow vulnerability.
aaeae969855be3306cdcb2e32a65086c3546c2454ef4c52eae43f8d68c2a975a
BigTree CMS version 4.2.11 and below suffer from a remote authenticated SQL injection vulnerability.
968aa637a70ad16367def25fb2cfce1ce28e8f27120df89d1a374a92fc0e4e5e
PInfo version 0.6.9-5.1 suffers from a buffer overflow vulnerability.
bd449abb80e20ea86e7a578310b7a24726e21f5b4ffeaebf4d394e4654f4205d
MyLittleForum version 2.3.5 suffers from a PHP command execution vulnerability.
2d0eb479e123885dc4f3ba4bea291050b16793c255cfefd1c779cd7cd6e61bd6
Armadito suffers from a remote arbitrary file write due to a man-in-the-middle issue.
3c940d2b604802823a92dfde76f87dccff6b8a34a3da8280c1427ca2bcaf9d01
PspInitializeFullProcessImageName does not correctly handle a NULL pointer being passed to it leading to a dereference at NULL for a file object which might be exploitable on 32 bit systems for elevation of privilege.
70b82482716445062d80fb96e4fdd034b32b3c939d117b27406277646b4a03a2
Kagao version 3.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
3441d2b7a7e0124aa7760c90c3df1efc3b9e7bd94c8da1b4064565815f2bb51b
Untangle NGFW versions 12.1.0 Beta and below execEvil() authentication root command injection exploit.
6b6b9f55e4e0320da456dbd48649b468e11cad30e125d2f8cbdbf12e0f473a27
Riverbed SteelCentral NetProfiler and NetExpress versions 10.8.7 and below suffer from command injection, privilege escalation, local file inclusion, account hijacking, and remote SQL injection vulnerabilities.
00ab1d582827932b2ba3b410528854489b8967d3984a75bb1c14cd8cdf9bae86
iBilling version 3.7.0 suffers from multiple stored and reflective cross site scripting vulnerabilities.
90c8a074050732437227d5b545e662c2703b13765c44c9ecfda872f7e4a5d9d0
The CloudGate M2M gateway from Option suffers from an insecure direct object reference that allows for authorization bypass as well as cross site scripting vulnerabilities.
1004def6073bda6407b393c2311d74ac79b0df7f786b39ba8e7a5bac5dd631c3
Parsijoo Search Engine suffers from a cross site scripting vulnerability.
0aff94920da9819f0b10ac4ae23aca660ccbdef403bc6bf45ae550e11c5f8769
ASUS DSL-N55U version 3.0.0.4.376_2736 suffers from cross site scripting and information disclosure vulnerabilities.
2297595e06db7fa420a012baf7d29c1bd77b0683ceb2f735ed013c7ffe5a94be
JIRA Artezio Board plugin version 1.4 suffers from cross site scripting and information disclosure vulnerabilities.
a0d144ea2b00eb5d9831c86d25439a5db48c3e97147d507ef547e9cec42fa4fa
JIRA Mail.ru Calendar plugin version 2.4.2.50_JIRA6 suffers from multiple cross site scripting vulnerabilities.
9db0638c04e003fb397fbec73497ef7bd2a7f509cc3b670b2cae9f8fb924d6c0
LearnVest Web Application suffers from a persistent cross site scripting vulnerability.
3593feb65f3d43639b0088d9a7262d08022e8d86ddfde1a58ca8d125df0eeb33
MoneyTrackin Web Application suffers from a persistent cross site scripting vulnerability.
6402aae158ad1102885aef5e05fc5dcb6d5bd711801b982df72a5e5137bc6f0c
KashFlow Web Application suffers from a persistent cross site scripting vulnerability.
338cb402ee5e6e927390317c6de151a43ca0725db00590ddcd3dccc9325ecf1f
Toshl Finance Web Application suffers from a persistent cross site scripting vulnerability.
05e0f4399b672222077b63fac14ad7d94bae3db58b9cd280b207508479f88fb5
libical versions 0.47 and 1.0 suffer from a crash issue.
e314583b6bf83ffbfdfd9a7a4875334a7dbd17311c08e56a43e14b40b4d360a7
net/http in Ruby HTTP Header suffers from an injection issue.
266f4d353900c02643e4dcfa014500e23697fa6da787b60c852b929243b05e31
SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.
b5ea2947c8c691e63cd8b15a2ad9c1ce3e6371ed8f9cad785fad1655ff9e56d0
SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.
dd7c80c6120e1805c1954e5087e5f215c67a081881bc8f20fcaa86bfed40b75e
SugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.
b0d6c09a780b84f51c2d8a829a8cad6ddf0b80bf8cd8641bb49a73cc3e3ff170