This Metasploit module exploits a SQL injection vulnerability in TYPO3 NewsController.php in the news module 5.3.2 and earlier. It allows an unauthenticated user to execute arbitrary SQL commands via vectors involving overwriteDemand and OrderByAllowed. The SQL injection can be used to obtain password hashes for application user accounts. This Metasploit module has been tested on TYPO3 3.16.0 running news extension 5.0.0. It tries to extract the username and password hash of the administrator user. To do so, it injects SQL that alters the ordering of results and checks every letter of a pattern to see whether it belongs to the username or password. If the letter doesn't belong to the word being extracted, all results are inverted (News #2 appears before News #1, so Pattern2 before Pattern1); if the letter belongs to the word being extracted, the results are in proper order (News #1 appears before News #2, so Pattern1 before Pattern2).
472f7767d1d622fc181d7fa0a90d223e85f29ef884a67376c132a17b0cf4808e
This Metasploit module exploits a SQL injection vulnerability found in vBulletin 5.x.x to dump the user table information or to dump all of the vBulletin tables (based on the selected options). This Metasploit module has been tested successfully on vBulletin version 5.6.1 on Ubuntu Linux.
ff56a843c97fa72711235034adea7c67c06a8967f8acf46b212656cf728ac905
This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances, which is built from a CherryPy Python backend sending XML-RPC requests to a C binary called wgagent, using the pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.
1f32659ebb0c531de30e029fb76fabee6201b5794d59ccb2568e849b2451ba91
This Metasploit module exploits a SQL injection vulnerability found in vBulletin versions 5.6.1 and below. This module uses the getIndexableContent vulnerability to reset the administrator's password and it then uses the administrator's login information to achieve remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.1 on the Ubuntu Linux distribution.
ab383c3c011e7017caccbf3f14a2893505f109f7315cb558a626bdfe3e283ccb
PHP version 7.2 suffers from an imagecolormatch() out-of-band heap write vulnerability.
69add42dde7d8d122571186cc4217258d5760ae073e9d96197a97e8666a28e27
Apache versions 2.4.17 up to 2.4.38 apache2ctl graceful logrotate local privilege escalation exploit.
3319265a25f9489c7617752a0f4a299d38530c30caf7932b9bb2b32075e9f1b7
Apache versions 2.4.17 through 2.4.38 suffer from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call.
9525ffd9aefbc06136c75f55edd33355815fc7df0b0f150a337892cfad9ed4bd
Magento versions 2.2.0 through 2.3.0 unauthenticated remote SQL injection exploit.
fb8e5118d988e50510319ef6725fac056f280cc00faa123b19459e9412e70b6b
This Metasploit module exploits a PHP unserialize() vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable (albeit cached). Cached nodes can be exploited only once.
f0577a61447bee5c1e01e80e2168cbe148e2d1b04abd7c1f41da56482db6d02b
Drupal versions prior to 8.6.10 and 8.5.11 suffer from a REST module remote code execution vulnerability.
ae19653ae86e19e4205093659570141a9094d9c26cd09af8cb1673c93f03dc72
Oracle PeopleSoft Enterprise PeopleTools versions prior to 8.55 suffer from a remote code execution vulnerability.
e7ca7f1dfaf0427d15e6728d2323dfd98cf6d0d01d7466ab23ceea3a1e534852
The TYPO3 News module suffers from a remote SQL injection vulnerability.
bb71657eaa7e4ca543ead5df7415208b7f27687d4255a45a2c042482a48a7805
Drupal version 7.x module services remote code execution exploit.
80a50821438fc6c1895f12fb121285719fc8d9b69c85fae539144f6a24a07158