This Metasploit module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can be create new admin account without authentication on the target Atlassian server.
c9933148dbb3513e341045ef4dcef5999b02882361749da2c6cd6cfe8c0471bcThis Metasploit module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup and Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.
aebb2b8cda994128d286f0b5a8a2c8b51efa5ec61f35fe1de15ab837e050e5a1CVAT version 2.0 suffers from a server-side request forgery vulnerability.
73ffdc8cbd20cddc5c30e6639b40f7a33ca517dc70a0e528dc0b60ad3c12a4f2This Metasploit module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the package manager call. This exploit requires authentication and the account must have access to the Software Package Updates module.
40335e81c5e1920c59b3fa7d7b9555cf342eefb7151f937070f230f69f2b8ee3Webmin version 1.996 suffers from an authenticated remote code execution vulnerability.
a89c83a46baf912bad79b59cea2c4954e3ac100a48e421ae4b7e8c04fc532526Schlix CMS version 2.2.6-6 suffers from an arbitrary file upload and a directory traversal that together can lead to remote command execution.
fca5df7ad0d34a5f7b8addf705a53ad2dd0527cb631c1a47240bfd8afd22f8d1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed