what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 26 - 28 of 28

Files from h00die-gr3y

VMware NSX Manager XStream Unauthenticated Remote Code Execution

Posted Nov 15, 2022

Authored by mr_me, Sina Kheirkhah, h00die-gr3y | Site metasploit.com

VMware Cloud Foundation (NSX-V) contains a remote code execution vulnerability via XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of root on the appliance. VMware Cloud Foundation 3.x and more specific NSX Manager Data Center for vSphere up to and including version 6.4.13 are vulnerable to remote command injection. This Metasploit module exploits the vulnerability to upload and execute payloads gaining root privileges.

tags | exploit, remote, root, code execution

advisories | CVE-2021-39144

SHA-256 | e1f5fa59aee9a79145c46b8829a1543dbca23d36d00d330dacc1326a5f871b45

Download | Favorite | View

FLIR AX8 1.46.16 Remote Command Injection

Posted Nov 2, 2022

Authored by Samy Younsi, Thomas Knudsen, h00die-gr3y | Site metasploit.com

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to remote command injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. This module uses the vulnerability to upload and execute payloads gaining root privileges.

tags | exploit, remote, web, arbitrary, shell, root, php

advisories | CVE-2022-37061

SHA-256 | a321cd3e8960e684cbab1cd82bb0f9be0cda474af87c57e7f89fa9aaa83b6bca

Download | Favorite | View

Apache Spark Unauthenticated Command Injection

Posted Sep 8, 2022

Authored by Kostya Kortchinsky, h00die-gr3y | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Apache Spark. Successful exploitation results in remote code execution under the context of the Spark application user. The command injection occurs because Spark checks the group membership of the user passed in the ?doAs parameter by using a raw Linux command. It is triggered by a non-default setting called spark.acls.enable. This configuration setting spark.acls.enable should be set true in the Spark configuration to make the application vulnerable for this attack. Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1 are affected by this vulnerability.

tags | exploit, remote, code execution

systems | linux

advisories | CVE-2022-33891

SHA-256 | 2872827635148239363023f1f407242ab1de4a64b6832222c392d7a683334b7b

Download | Favorite | View