This Metasploit module exploits an unauthenticated command injection vulnerability in the yrange parameter in OpenTSDB through 2.4.0 (CVE-2020-35476) in order to achieve unauthenticated remote code execution as the root user. The module first attempts to obtain the OpenTSDB version via the api. If the version is 2.4.0 or lower, the module performs additional checks to obtain the configured metrics and aggregators. It then randomly selects one metric and one aggregator and uses those to instruct the target server to plot a graph. As part of this request, the yrange parameter is set to the payload, which will then be executed by the target if the latter is vulnerable. This module has been successfully tested against OpenTSDB version 2.3.0.
7183104f20371379d7bbd3538dcce42a94117e14b0bb74805ced99f7bd85603fWiki Web Help version 0.3.9 suffers from a stored cross site scripting vulnerability.
e68fce127757a39e865dc1d2314d2b2291059f24abc8dca32bd3b811ac595f4eXWiki version 4.2-milestone-2 suffers from multiple stored cross site scripting vulnerabilities.
c25959b05ad0c3c4ffa247f3a057eebafca9fa9ae6be574d7c1032d7c874d265BusinessWiki version 2.5 RC3 suffers from stored cross site scripting and arbitrary file upload vulnerabilities.
3725bb68e77ae2e7617725d831f798e0e1658ef7fa444cc6f69d669edf4238cdLetoDMS version 3.3.6 suffers from cross site request forgery and cross site scripting vulnerabilities.
cc686fb290023aab67729a888697ad6f9f571447f91ee8c435efc2afc092c18cThis Metasploit module exploits a file upload vulnerability found in XODA 0.4.5. Attackers can abuse the "upload" command in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution. The module has been tested successfully on XODA 0.4.5 and Ubuntu 10.04.
4946a84183062b1d9abffb6b439d5931f024409a5402b78aa7244159e2a59c5bOpenDocMan version 1.2.6.1 suffers from a cross site request forgery vulnerability.
4517da3cfba89fe1336b3b7a7ed87a979770c9d980737cf914add115f588b397XODA Document Management System version 0.4.5 suffers from cross site scripting and remote shell upload vulnerabilities.
9eddc44c334a05db869e4aa52c5baa45e22307853cc1e881f9d5952c9471991dGWebmail version 0.7.3 suffers from cross site scripting and local file inclusion vulnerabilities. The local file inclusion vulnerability can lead to code execution.
8e295acd93b990831af2c346b6cfda11d37e6c13e0529a902ae15177b38b8646Hupa Webmail version 0.0.2 suffers from a stored cross site scripting vulnerability.
b2d8e8baa0477f3ccf906cd01d359b0b1523e78bacdf85aa16f08a39337a9a87Hivemail Webmail version 1.41F Build 103 suffers from a stored cross site scripting vulnerability.
eb95ec4181e9ca1b97c0f5ba9d1860bd1bcdd90beeb3838a6000d6ba38904914Uebimiau Webmail version 2.7.2 suffers from a stored cross site scripting vulnerability.
2c434409adcbc630ee48e54434f8b2e8b729fe6e1cc6a3a840e0de3754b97a07Hastymail2 Webmail version 1.1 RC2 suffers from a stored cross site scripting vulnerability.
e5603aa49a000259245c4d8c25c238c4b532a5ced67a9626f40e89c41de66dc6T-dah Webmail version 3.2.0 suffers from stored cross site scripting vulnerabilities.
f849cce7db945350fcf31a0846493b9158d0a5016e1c297b052c01017c41218bRoundcube Webmail version 0.8.0 suffers from multiple stored cross site scripting vulnerabilities.
6dfa0a7ef6c176b11b524cca79272af01deb78987c2cd19c827f958047b30f1e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed