exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 4 of 4

Files from Sina Kheirkhah

VMWare Aria Operations For Networks Remote Code Execution

Posted Sep 2, 2023

Authored by Harsh Jaiswal, Sina Kheirkhah, Rahul Maini | Site summoning.team

VMWare Aria Operations for Networks (vRealize Network Insight) static SSH key remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept

advisories | CVE-2023-34039

SHA-256 | ae67475970c05c39bc93428dddf3a98ddfed987c1bd13fb23f729e242a686959

Download | Favorite | View

VMWare Aria Operations For Networks Remote Command Execution

Posted Jul 26, 2023

Authored by h00die, Sina Kheirkhah | Site metasploit.com

VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of root on the appliance. VMWare 6.x version are vulnerable. This Metasploit module exploits the vulnerability to upload and execute payloads gaining root privileges. Successfully tested against version 6.8.0.

tags | exploit, remote, arbitrary, root, code execution

advisories | CVE-2023-20887

SHA-256 | 9a55a0c02bec8e756eeac40f3ab58ccc0499c9bbbde741db5c148ebfa61b29ee

Download | Favorite | View

VMware NSX Manager XStream Unauthenticated Remote Code Execution

Posted Nov 15, 2022

Authored by mr_me, Sina Kheirkhah, h00die-gr3y | Site metasploit.com

VMware Cloud Foundation (NSX-V) contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of root on the appliance. VMware Cloud Foundation 3.x and more specific NSX Manager Data Center for vSphere up to and including version 6.4.13 are vulnerable to remote command injection. This Metasploit module exploits the vulnerability to upload and execute payloads gaining root privileges.

tags | exploit, remote, root, code execution

advisories | CVE-2021-39144

SHA-256 | e1f5fa59aee9a79145c46b8829a1543dbca23d36d00d330dacc1326a5f871b45

Download | Favorite | View

Joomla EkRishta 2.10 Cross Site Scripting / SQL Injection

Posted May 20, 2018

Authored by Sina Kheirkhah

Joomla EkRishta component version 2.10 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | 462bfa4a5d18598f2ed6f9a42ef2ff4e97661f647a5e65c738c5c5e3f8b3fbd2

Download | Favorite | View