This Metasploit module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios XI 5.7.3 running on CentOS 7.
02c732ecdeb46edeb55c3d07feeea7f934380ef9d317001de2070079b9dae17dThis Metasploit module exploits CVE-2020-5791, an OS command injection vulnerability on Nagios XI versions 5.6.0 through 5.7.3 in admin/mibs.php that enables an authenticated user with admin privileges to achieve remote code execution as either the apache user or the www-data user.
5f3ec659fe836f33c81a4956f9541aeece789fd3ec657e3f2f83dc70252319dcNagios XI version 5.7.3 mibs.php remote command injection exploit.
6855f4caf30f9e7751d6594a73e43b55ca31b7b9ddebeacdfa7108721c29da09This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will be unpickled, which causes remote code execution as the user who started Plex. Plex_Token is required, to get it you need to log-in through a web browser, then check the requests to grab the X-Plex-Token header. See info -d for additional details. If an exploit fails, or is cancelled, Dict is left on disk, a new ALBUM_NAME will be required as subsequent writes will make Dict-1, and not execute.
e2012f91e0f7c3c6e3c7a3f9dff3d5bbac47e45f6db5582aff00dfa52d4c1a26Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on inSync version 6.5.2r99097 on Windows 7 SP1 (x64).
12e3b974b7cb427087439bf5f922afb373bca8c3346525b183f6422b28801319Druva inSync Windows Client version 6.5.2 suffers from a local privilege escalation vulnerability.
31dfb7b5bc6e0e8460608ac6efee03fdb1a7159259a19815bc7b9c3106a68129Citrix SD-WAN Appliance version 10.2.2 suffers from authentication bypass and remote command execution vulnerabilities.
35d49241776f0e93fd18d36ff74eb03319d7260a004bea11c110838e3f48883eThis Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. One allows for unauthenticated remote code execution and another allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell.
497ccf076e88aa8797c172933964fb4ad92dddf4ca42816ab9c5f28af82b486bNagios XI version 5.5.6 suffers from remote code execution and privilege escalation vulnerabilities.
24108dbb8c9c59ae34ce542303af31e1e4a7a64d3f72d47d85b85c06711c4a54Advantech WebAccess SCADA version 8.3.2 suffers from a code execution vulnerability.
54655f065e3a495129a4eb8059227b2933475527411c65bf1abae23771430c88Advantech WebAccess versions prior to 8.1 webvrpcs DrawSrv.dll path BwBuildPath stack-based buffer overflow remote code execution exploit.
3917887b7385488d5ab094dd0cfa0c73128701eb66ed70da342531a89b649458Advantech WebAccess versions less than 8.3 suffer from directory traversal and remote code execution vulnerabilities.
97cde78f92d072d5a56b25fbbfba6add14a9da604c9181028efa5012de1aeb81Advantech WebAccess version 8.0-2015.08.16 suffers from a remote SQL injection vulnerability.
16f7cbd1a62ea43d75bb9453984431e804ee465d9a86013ea46d2004a1667ff2HPE iMC version 7.3 suffers from an RMI java deserialization vulnerability.
922064ae08e689f5f6b61f2d38c19479a08bc094ab866c6ce11fcb3ba20f8939This Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007), however the database connection username is not sanitized resulting in command injection, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).
6e617c9e2dc52b8e3176ccf763528cbf0564f66df4920f7c15aa5b7cd694b5eaThis Metasploit module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restart a user-specified database instance (OpCode 10008), however the instance ID is not sanitized, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This Metasploit module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN).
8593e2a11cac9b478374fc96e4123be69ffbd8aafe9adc13437d98414d73a636HP iMC Plat version 7.2 suffers from a remote code execution vulnerability.
d565f4abdec6884979ae167b1dadec8950fd14886753cffd197125147b659f70
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed