This Metasploit module leverages an authentication bypass in PaperCut NG. If necessary it updates Papercut configuration options, specifically the print-and-de vice.script.enabled and print.script.sandboxed options to allow for arbitrary code execution running in the builtin RhinoJS engine. This module logs at most 2 events in the application log of papercut. Each event is tied to modification of server settings.
f4313d7696bef22bdc9abcdfd185a2f5ec910ab23fce5708d4d336c70e7796cbEktron versions 8.5, 8.7 equal to and below sp1, and 9.0 before sp1 have vulnerabilities in various operations within the ServerControlWS.asmxweb services. These vulnerabilities allow for remote code execution without authentication and execute in the context of IIS on the remote system.
6b1de3cc6f9202a90298b9c0b5161490264ce265eaa1362e8c2215e2610223eeThis Metasploit module exploits a command injection vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. We use a combination of default credentials with a weakness in the anti-csrf generation to achieve command injection on fresh pineapple devices prior to configuration. Additionally if default credentials fail, you can enable a brute force solver for the proof-of-ownership challenge. This will reset the password to a known password if successful and may interrupt the user experience. These devices may typically be identified by their SSID beacons of 'Pineapple5_....'; details derived from the TospoVirus, a WiFi Pineapple infecting worm.
f541430f19dac4f0494fce74a1f639f98b5978e237ef67e38fdf6c2074172475This Metasploit module exploits a login/csrf check bypass vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. These devices may typically be identified by their SSID beacons of 'Pineapple5_....'; Provided as part of the TospoVirus workshop at DEFCON23.
a7c674d3afc9aac9f7580ff6d5085516706f69a88e446351782762c85af1d133WiFi Pineapples with firmware versions 2.3.0 and below suffer from using a predictable cross site request forgery token.
d28d69f0685d472bf2f32a107ab1c86929af0af281983fb44aed43ba9dda6a3dDartWebserver.dll version 1.9.2 suffers from a null pointer dereference denial of service vulnerability.
d201bd7a36fcea870aad04534a979594fe58f5895eead86ee5d8a10913d8604aCerberus FTP server suffers from a cross site scripting vulnerability in the web administration interface.
6b28cd4efe0efed16181b5e08b92d87bf9d077078b76c02a2852907b2bcbb029Campaign Enterprise 11 suffers from multiple remote SQL injection, unauthorized access, clear text password storage, and direct access bypass vulnerabilities.
e8d346567183491410f6e81ec371092bb1bf59947827d38b5506818c1ca474aaDartWebserver.Dll, an HTTP server by Dart Communications, suffers from a stack overflow vulnerability. Versions 1.9 and below are affected. Proof of concept code included.
305223063ea1f05d0ded3e552a5555e23607589feed9ca8044b36a03554ae90f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed