This exploit is able to add an admin account to a Cisco DCNM with credentials you can choose. After that, you can login to the web interface with those credentials. The only necessary condition is the more or less recent connection of an admin as this exploit uses a kind of session stealing.
2634bc8552f91defad40767e6232f25e635ec38b72d6329ce27f8e07acb81918This exploit finds the HMAC secret key used in Java serialization by Apache Tapestry. This key is located in the file AppModule.class by default and looks like the standard representation of UUID in hex digits (hd) : 6hd-4hd-4hd-4hd-12hd If the HMAC key has been changed to look differently, this module wont find the key because it tries to download the file and then uses a specific regex to find the key.
b1c7d62902e4bda90669843700bef91f0006f013f404b5ebf2f2d9ae7a80eaf5This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php, making it possible to upload .pHP files for instance. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/sp-client-document-manager/<user_id>/<random_payload_name>.php.
7d2c3f217f9d96a1b8933d18886edae37099a342dcf9addd2e24438914311c20This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.
69c7df31917c6908273c697f81d8629ab2b33991a9590623c7646f14dbb26004This Metasploit module allows an attacker with an unprivileged windows account to gain admin access on windows system and start a shell. For this module to work, both the NSClient++ web interface and ExternalScripts features must be enabled. You must also know where the NSClient config file is, as it is used to read the admin password which is stored in clear text.
2f48ecb1ace9ab98da3fc097c685134fbbff745e68f82e7a48130c2319a63541This Metasploit module allows an attacker with knowledge of the admin password of NSClient++ to start a privileged shell. For this module to work, both web interface of NSClient++ and ExternalScripts feature should be enabled.
e95945a965159bfea31fbd8366718d83da086d569e817f49987fd013571a676d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed