Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles setting in the authorize.conf configuration file, which prevents this scenario from happening. This exploit abuses this vulnerability to change the admin password and login with it to upload a malicious app achieving remote code execution.
7181dfaec2f1f7eb973d6e9ba2bc3a477b83011115b041d9cb0b9ad5e441fc41An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when trying to load a user session, resulting in remote code execution.
01b86153e9b59cbce82f32a07b24098f2267f0bddf0bec3fcf3243c9d0b7d820This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorized_keys file of the chosen account, allowing you to login to the system with the chosen account. Successful exploitation results in remote code execution.
818eeb4d404c8cde2ab69451948a6037ca08bef60e2be65eb6fe9ed9d7ef0e7dAn unauthenticated attacker with network access to the JBOSS EAP/AS versions 6.x and below Remoting Unified Invoker interface can send a serialized object to the interface to execute code on vulnerable hosts.
4bfb5f55643ee08ae8c9999d9fa55d6d1af99c180f30e402f0089770ca5d6712This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.
bb3a5bef34f53053f0da7eec9cad038bc4f47a0997b2e9cd601a17a1f034a0adApache APISIX has a default, built-in API token that can be used to obtain full access of the admin API. Access to this API allows for remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass th e IP restriction plugin.
75f7fd4db82a985948b400b9686ffc05f654d453b228621992abd5bb2505add2Ignition versions prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
1a428973d57b49630c03761c229ad5f2989539e00fde683c743407e8d561d597Google Chrome versions 21.0.1180.57 and below suffer from a NULL pointer vulnerability in InspectDataSource::StartDataRequest.
922f2c1e74a32dc38ee0d67c6334a31517da282683a2f06192b0fea1c6e5da62The Polycom web management interface on model G3/HDX 8000 HD suffers from a remote command injection vulnerability.
edd85665d7b90ac56ede22daa681765beb0fda23fc185dbf676283c9186e6397The Polycom web management interface on model G3/HDX 8000 HD suffers from a directory traversal vulnerability.
318900245c518a8794796a8f52d7da21d13c57f032476a863283f40f224062c0WordPress authentication brute force and user enumeration utility for Metasploit.
53dfbc1d57cd5b6f8db8a14f4805dbb9ee5be66043bb48948f6bbf77a879d57d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed