OpenMRS is an open-source platform that supplies users with a customizable medical record system. There exists an object deserialization vulnerability in the webservices.rest module used in OpenMRS Platform. Unauthenticated remote code execution can be achieved by sending a malicious XML payload to a Rest API endpoint such as /ws/rest/v1/concept. This Metasploit module uses an XML payload generated with Marshalsec that targets the ImageIO component of the XStream library. Tested on OpenMRS Platform v2.1.2 and v2.21 with Java 8 and Java 9.
6f1e855ade450fdc21c2afb884ec83e11fd67f1b304b45c6db40c7d5cf974dc7This Metasploit module exploits a file upload vulnerability in phpCollab version 2.5.1 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The exploit has been tested on Ubuntu 16.04.3 64-bit
45d36cc04840bd87751a09ee05da85fea9974f7260a94093b39bf929c1b8981ePhpCollab versions 2.5.1 and below suffer from a remote shell upload vulnerability.
670755081d09065664b50020c6d1e6af8b9b8ec5ee8c63676b22f52ea43bb862PhpCollab versions 2.5.1 and below suffer from multiple remote SQL injection vulnerabilities.
60393ffbba4cf77640d0495ff1ac04b03ec23c7c5d69c624bbad0ff95a134795EON versions 5.0 and below suffer from a remote SQL injection vulnerability.
67e1f146fc5c949060425000beb0f03761a65cdb1a34e7cefb735591016086d3EON versions 5.0 and below suffer from a remote code execution vulnerability.
c7846fe3c70cdb527a601ecf168a4bbb668fde1a6cdac12993d51150965c4783
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed