This Metasploit module exploits privilege escalation in Servisnet Tessa triggered by the add new sysadmin user flow with any user authorization. An API request to "/data-service/users/[userid]" with any low-authority user returns other users' information in response. The encrypted password information is included here, but privilege escalation is also possible with the active sessionid value.
6e59726691f327427ec484da726b6a4c97e638187f4e7fb596cc5e0268c97f94
This Metasploit module exploits an MQTT credential disclosure vulnerability in Servisnet Tessa. The app.js is publicly available which acts as the backend of the application. By exposing a default value for the "Authorization" HTTP header, it is possible to make unauthenticated requests to some areas of the application. Even MQTT (Message Queuing Telemetry Transport) protocol connection information can be obtained with this method. A new admin user can be added to the database with this header obtained in the source code. The module tries to log in to the MQTT service with the credentials it has obtained and reflects the response it receives from the service.
a526a71a842e124933fbe29b7fe054817479987a1ba9b99072a7022c4655f1ae
This Metasploit module exploits an authentication bypass in Servisnet Tessa, triggered by add new sysadmin user. The app.js is publicly available which acts as the backend of the application. By exposing a default value for the "Authorization" HTTP header, it is possible to make unauthenticated requests to some areas of the application. Even MQTT (Message Queuing Telemetry Transport) protocol connection information can be obtained with this method. A new admin user can be added to the database with this header obtained in the source code.
119c3c412df82f46d85f91b4ab7d2315fda2836a2057f29636ed9df61fe7a8bd
This Metasploit module exploits a privilege escalation vulnerability in Ericsson Network Location Mobile Positioning Systems.
284aef5590fcc1f10a26e571df512ffa20eb2f3e127bfd58c1acdecd315b6627
This Metasploit module exploits an arbitrary command execution vulnerability in Ericsson Network Location Mobile Positioning Systems. The export feature in various parts of the application is vulnerable. It is a feature made for the information in the tables to be exported to the server and imported later when required. Export operations contain the file_name parameter. This parameter is assigned as a variable between the server commands on the backend side. It allows command injection.
2b48b3265095eafaddacb4ff1e3bd8e6117f37acaa1faaf23e718d815e6acfc9
This Metasploit module exploits an authentication bypass in Netsia SEBA+ versions 0.16.1 and below to add a root user.
81d29e7b25d87b1af18dee2c03c87aac3764dda86e6ebd3821d3086bb0eb9503
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.962 and lower versions. Any user authorized to the Package Updates module can execute arbitrary commands with root privileges. It emerged by circumventing the measure taken for CVE-2019-12840.
0b9d3eed2396c63f8c369c41bb33853aea8748348ce034096856277e638001d6
PHP-Fusion version 9.03.50 suffers from an arbitrary file upload vulnerability.
69aa4aacb58fc312485978e341d93b5ea3b1cb194a17714065b2bf439c337cd5