what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files from Chris Lyne

First Active2017-12-02
Last Active2021-04-21
Nagios XI 5.7.3 Remote Code Execution
Posted Apr 21, 2021
Authored by Chris Lyne, Erik Wynter | Site metasploit.com

This Metasploit module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios XI 5.7.3 running on CentOS 7.

tags | exploit, remote, php, code execution
systems | linux, osx, centos
advisories | CVE-2020-5792
SHA-256 | 02c732ecdeb46edeb55c3d07feeea7f934380ef9d317001de2070079b9dae17d
Nagios XI 5.7.3 Remote Code Execution
Posted Apr 19, 2021
Authored by Chris Lyne, Matthew Aberegg, Erik Wynter | Site metasploit.com

This Metasploit module exploits CVE-2020-5791, an OS command injection vulnerability on Nagios XI versions 5.6.0 through 5.7.3 in admin/mibs.php that enables an authenticated user with admin privileges to achieve remote code execution as either the apache user or the www-data user.

tags | exploit, remote, php, code execution
advisories | CVE-2020-5791
SHA-256 | 5f3ec659fe836f33c81a4956f9541aeece789fd3ec657e3f2f83dc70252319dc
Nagios XI 5.7.3 Remote Command Injection
Posted Oct 28, 2020
Authored by Chris Lyne, Matthew Aberegg

Nagios XI version 5.7.3 mibs.php remote command injection exploit.

tags | exploit, remote, php
advisories | CVE-2020-5791
SHA-256 | 6855f4caf30f9e7751d6594a73e43b55ca31b7b9ddebeacdfa7108721c29da09
Plex Unpickle Dict Windows Remote Code Execution
Posted Jul 17, 2020
Authored by h00die, Chris Lyne | Site metasploit.com

This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will be unpickled, which causes remote code execution as the user who started Plex. Plex_Token is required, to get it you need to log-in through a web browser, then check the requests to grab the X-Plex-Token header. See info -d for additional details. If an exploit fails, or is cancelled, Dict is left on disk, a new ALBUM_NAME will be required as subsequent writes will make Dict-1, and not execute.

tags | exploit, remote, web, arbitrary, code execution, python
systems | windows
advisories | CVE-2020-5741
SHA-256 | e2012f91e0f7c3c6e3c7a3f9dff3d5bbac47e45f6db5582aff00dfa52d4c1a26
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Posted May 12, 2020
Authored by Brendan Coles, Chris Lyne | Site metasploit.com

Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on inSync version 6.5.2r99097 on Windows 7 SP1 (x64).

tags | exploit, arbitrary, local, tcp
systems | windows
advisories | CVE-2019-3999
SHA-256 | 12e3b974b7cb427087439bf5f922afb373bca8c3346525b183f6422b28801319
Druva inSync Windows Client 6.5.2 Privilege Escalation
Posted Apr 29, 2020
Authored by Chris Lyne

Druva inSync Windows Client version 6.5.2 suffers from a local privilege escalation vulnerability.

tags | exploit, local
systems | windows
advisories | CVE-2019-3999
SHA-256 | 31dfb7b5bc6e0e8460608ac6efee03fdb1a7159259a19815bc7b9c3106a68129
Citrix SD-WAN Appliance 10.2.2 Authentication Bypass / Remote Command Execution
Posted Jul 15, 2019
Authored by Chris Lyne

Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability, bypass
advisories | CVE-2019-12989, CVE-2019-12991
SHA-256 | 35d49241776f0e93fd18d36ff74eb03319d7260a004bea11c110838e3f48883e
Nagios XI Magpie_debug.php Root Remote Code Execution
Posted Jun 25, 2019
Authored by Chris Lyne, Guillaume Andre | Site metasploit.com

This Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. One allows for unauthenticated remote code execution and another allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell.

tags | exploit, remote, shell, local, root, vulnerability, code execution
advisories | CVE-2018-15708, CVE-2018-15710
SHA-256 | 497ccf076e88aa8797c172933964fb4ad92dddf4ca42816ab9c5f28af82b486b
Nagios XI 5.5.6 Remote Code Execution / Privilege Escalation
Posted Jan 23, 2019
Authored by Chris Lyne

Nagios XI version 5.5.6 suffers from remote code execution and privilege escalation vulnerabilities.

tags | exploit, remote, vulnerability, code execution
advisories | CVE-2018-15708, CVE-2018-15710
SHA-256 | 24108dbb8c9c59ae34ce542303af31e1e4a7a64d3f72d47d85b85c06711c4a54
Advantech WebAccess SCADA 8.3.2 Remote Code Execution
Posted Nov 5, 2018
Authored by Chris Lyne

Advantech WebAccess SCADA version 8.3.2 suffers from a code execution vulnerability.

tags | exploit, code execution
advisories | CVE-2018-15705, CVE-2018-15707
SHA-256 | 54655f065e3a495129a4eb8059227b2933475527411c65bf1abae23771430c88
Advantech WebAccess webvrpcs Buffer Overflow
Posted Mar 30, 2018
Authored by Chris Lyne

Advantech WebAccess versions prior to 8.1 webvrpcs DrawSrv.dll path BwBuildPath stack-based buffer overflow remote code execution exploit.

tags | exploit, remote, overflow, code execution
advisories | CVE-2016-0856
SHA-256 | 3917887b7385488d5ab094dd0cfa0c73128701eb66ed70da342531a89b649458
Advantech WebAccess Directory Traversal / Remote Code Execution
Posted Mar 13, 2018
Authored by Chris Lyne

Advantech WebAccess versions less than 8.3 suffer from directory traversal and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, file inclusion
advisories | CVE-2017-16720
SHA-256 | 97cde78f92d072d5a56b25fbbfba6add14a9da604c9181028efa5012de1aeb81
Advantech WebAccess 8.0-2015.08.16 SQL Injection
Posted Jan 29, 2018
Authored by Chris Lyne

Advantech WebAccess version 8.0-2015.08.16 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-16716
SHA-256 | 16f7cbd1a62ea43d75bb9453984431e804ee465d9a86013ea46d2004a1667ff2
HPE iMC 7.3 RMI Java Deserialization
Posted Jan 29, 2018
Authored by Chris Lyne

HPE iMC version 7.3 suffers from an RMI java deserialization vulnerability.

tags | exploit, java
advisories | CVE-2017-5792
SHA-256 | 922064ae08e689f5f6b61f2d38c19479a08bc094ab866c6ce11fcb3ba20f8939
HPE iMC dbman RestoreDBase Unauthenticated Remote Command Execution
Posted Jan 10, 2018
Authored by Chris Lyne, sztivi | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007), however the database connection username is not sanitized resulting in command injection, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).

tags | exploit, remote, arbitrary, tcp
systems | windows
advisories | CVE-2017-5817
SHA-256 | 6e617c9e2dc52b8e3176ccf763528cbf0564f66df4920f7c15aa5b7cd694b5ea
HPE iMC dbman RestartDB Unauthenticated Remote Command Execution
Posted Jan 10, 2018
Authored by Chris Lyne, sztivi | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restart a user-specified database instance (OpCode 10008), however the instance ID is not sanitized, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).

tags | exploit, remote, arbitrary, tcp
systems | windows
advisories | CVE-2017-5816
SHA-256 | 8593e2a11cac9b478374fc96e4123be69ffbd8aafe9adc13437d98414d73a636
HP iMC Plat 7.2 Remote Code Execution
Posted Dec 2, 2017
Authored by Chris Lyne

HP iMC Plat version 7.2 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-5816
SHA-256 | d565f4abdec6884979ae167b1dadec8950fd14886753cffd197125147b659f70
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close