exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 6 of 6

Files from Netanel Rubin

Magento 2.0.6 Unserialize Remote Code Execution

Posted Jun 3, 2016

Authored by agix, Netanel Rubin | Site metasploit.com

This Metasploit module exploits a PHP object injection vulnerability in Magento 2.0.6 or prior.

tags | exploit, php

advisories | CVE-2016-4010

SHA-256 | 0f4a54fd7327964f36b2aa61027c88bb06c66470231cb05fee46900549f0def5

Download | Favorite | View

vBulletin 5.1.2 Unserialize Code Execution

Posted Nov 13, 2015

Authored by Netanel Rubin, cutz, Julien (jvoisin) Voisin | Site metasploit.com

This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9

tags | exploit, php

advisories | CVE-2015-7808

SHA-256 | 3d697e9884f896d99ec27c73b56469d04ac0450703c51290468ce41cd7c38ae0

Download | Favorite | View

Bugzilla Unauthorized Account Creation

Posted Sep 10, 2015

Authored by Frederic Buclin, Byron Jones, Netanel Rubin | Site bugzilla.org

Bugzilla versions 2.0 to 4.2.14, 4.3.1 to 4.4.9, and 4.5.1 to 5.0 suffer from an unauthorized account creation vulnerability.

tags | advisory

advisories | CVE-2015-4499

SHA-256 | 9b1272725e4045835294ef9f644a6664c5657f9a14374d95b6685f5bdc61cc69

Download | Favorite | View

TWiki Debugenableplugins Remote Code Execution

Posted Mar 19, 2015

Authored by h0ng10, Netanel Rubin | Site metasploit.com

TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution.

tags | exploit, remote, perl, code execution

advisories | CVE-2014-7236

SHA-256 | 850efe714be5e6548a264c1cce672a60aa1ae5a53559548aa9e9d66cf64f53b5

Download | Favorite | View

Bugzilla Account Creation / XSS / Information Leak

Posted Oct 7, 2014

Authored by Frederic Buclin, Byron Jones, David Lawrence, Netanel Rubin, Simon Green, James Kettle, Matt Tyson | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, and 4.5.1 to 4.5.5 suffer from unauthorized account creation, cross site scripting, and information leak vulnerabilities.

tags | advisory, vulnerability, xss, info disclosure

advisories | CVE-2014-1571, CVE-2014-1572, CVE-2014-1573

SHA-256 | 0d0e7c27532f6562403faf6ddb1249c6fce16ba6525feadfe7c92217191a6748

Download | Favorite | View

MediaWiki Thumb.php Remote Command Execution

Posted Feb 19, 2014

Authored by Brandon Perry, Ben Harris, Netanel Rubin | Site metasploit.com

MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote unauthenticated users to execute arbitrary commands via shell metacharacters. If no target file is specified this module will attempt to log in with the provided credentials to upload a file (.DjVu) to use for exploitation.

tags | exploit, remote, arbitrary, shell, file upload

advisories | CVE-2014-1610

SHA-256 | 853d2b2d7b1ab2575d40f73544cf31c3010f47bbfc35b70e1a2faa0dfdf9204d

Download | Favorite | View