VMware Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This is a proof of concept exploit.
c714227bbfea1d4fec4126f79c54dfdd4ec91c95a6e8c0ffc7b795b17b7901ee
Veeam Backup Enterprise Manager authentication bypass proof of concept exploit. Versions prior to 12.1.2.172 are vulnerable.
31fb3b66c17ab7cbfde346b10334c22f95eded003360d0eab92157d99cefd29c
Veeam Recovery Orchestrator authentication bypass proof of concept exploit.
c7b976542137634b6839638c2c6a072b32e8cf78c61435488fcde8c526101303
Telerik Report Server deserialization and authentication bypass exploit chain that makes use of the vulnerabilities noted in CVE-2024-4358 and CVE-2024-1800.
973c92a0a0da78a80793a389527088eee6855414a151fa24deb8c5bd767aaa68
Progress WhatsUp Gold WriteDatafile unauthenticated remote code execution proof of concept exploit.
8555b3fc19ed4287c691eed2de41c35a867aa34e1477c6e4b70035490dca6662
Progress WhatsUp Gold GetFileWithoutZip unauthenticated remote code execution proof of concept exploit.
645be8b10a258029fe6ad8527b1a56a51a5c0b7d9500967dd05deb6a107887f2
Progress WhatsUp Gold SetAdminPassword local privilege escalation proof of concept exploit.
4fdd4c3d26080412d3e0343ba88ccb320022c89ddf9ee90fd9e8f72c6264afde
VMware Aria Operations for Networks (vRealize Network Insight) static SSH key remote code execution proof of concept exploit.
ae67475970c05c39bc93428dddf3a98ddfed987c1bd13fb23f729e242a686959
VMware Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of root on the appliance. VMware 6.x versions are vulnerable. This Metasploit module exploits the vulnerability to upload and execute payloads, gaining root privileges. Successfully tested against version 6.8.0.
9a55a0c02bec8e756eeac40f3ab58ccc0499c9bbbde741db5c148ebfa61b29ee
VMware Cloud Foundation (NSX-V) contains a remote code execution vulnerability via the XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of root on the appliance. VMware Cloud Foundation 3.x and, more specifically, NSX Manager Data Center for vSphere up to and including version 6.4.13 are vulnerable to remote command injection. This Metasploit module exploits the vulnerability to upload and execute payloads, gaining root privileges.
e1f5fa59aee9a79145c46b8829a1543dbca23d36d00d330dacc1326a5f871b45
Joomla EkRishta component version 2.10 suffers from cross-site scripting and remote SQL injection vulnerabilities.
462bfa4a5d18598f2ed6f9a42ef2ff4e97661f647a5e65c738c5c5e3f8b3fbd2