This Metasploit module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface (CVE-2021-41282). The vulnerability affects versions 2.5.2 and below and can be exploited by an authenticated user if they have the "WebCfg - Diagnostics: Routing tables" privilege. This module uses the vulnerability to create a web shell and execute payloads with root privileges.
749bce942f6a26bc40cf265a69c07ac56ab2b47d26b9b02bc8c5c749e022b2a6
Various vulnerabilities have been found in Nagios XI version 5.5.10, which allow a remote attacker able to trick an authenticated victim (with "autodiscovery job" creation privileges) to visit a malicious URL to obtain a remote root shell via a reflected cross site scripting, an authenticated remote code Execution and a local privilege escalation.
bd7ba51447ff283af06552296e4ab6e0b1d5900d3254b328db7bc4d193fd6f66