Showing 1 - 9 of 9

Files Date: 2020-11-25

BigBlueButton 2.2.29 Brute Force: Posted Nov 25, 2020; Authored by Ismail Saygili; BigBlueButton versions 2.2.29 and below suffer from a meeting access code brute forcing vulnerability.; tags | exploit, cracker; advisories | CVE-2020-29042; SHA-256 | 7779a47f90e53f789a2fbce3072e0d2ff2ac04320c70d8126d32c0cd38ef8a28; Download | Favorite | View

House Rental 1.0 SQL Injection: Posted Nov 25, 2020; Authored by Bobby Cooke, hyd3sec; House Rental version 1.0 remote SQL injection exploit that leverages the keywords variable.; tags | exploit, remote, sql injection; SHA-256 | f3ce405357239bc159864db3af6456bd0791342c989bbfdf3d252560b427b3d3; Download | Favorite | View

OpenMediaVault rpc.php Authenticated PHP Code Injection: Posted Nov 25, 2020; Authored by Anastasios Stasinopoulos | Site metasploit.com; This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.; tags | exploit, arbitrary, root, php; advisories | CVE-2020-26124; SHA-256 | e0e5ffa0c0727fd8caae8d1a6288e302aebc6906241ff1131429f2abbcdbe8a1; Download | Favorite | View

Kong Gateway Admin API Remote Code Execution: Posted Nov 25, 2020; Authored by Graeme Robinson | Site metasploit.com; This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin.; tags | exploit; SHA-256 | 4bafd791ffc69e6f0e7e5e659d5843334eaeb9b206ab4512782cccf29ffe011a; Download | Favorite | View

WordPress Simple File List Unauthenticated Remote Code Execution: Posted Nov 25, 2020; Authored by h00die, coiffeur | Site metasploit.com; This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.; tags | exploit, remote, arbitrary, php; SHA-256 | c76d8f741d62e082e4021197c4f997d2888355186e9e04b1278f52540744b1fa; Download | Favorite | View

Ubuntu Security Notice USN-4644-1: Posted Nov 25, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4644-1 - It was discovered that igraph mishandled certain malformed XML. An attacker could use this vulnerability to cause a denial of service.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2018-20349; SHA-256 | 36b45e5bfb54b57372c5e59ba133db2f7997fdeb4b4be4e54951e5f434ce0131; Download | Favorite | View

SyncBreeze 10.0.28 Remote Buffer Overflow: Posted Nov 25, 2020; Authored by Abdessalam King; SyncBreeze version 10.0.28 suffers from a remote buffer overflow vulnerability.; tags | exploit, remote, overflow; SHA-256 | 21147b01f84dbcd01dd7401e1fa1618def57364c73f6c87de1e4deda21699dd9; Download | Favorite | View

osCommerce 2.3.4.1 Cross Site Scripting: Posted Nov 25, 2020; Authored by Emre Aslan; osCommerce version 2.3.4.1 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 3a2d13a1bea10737d2fffae795bbf8e8e1456bee046f30ed0b0fc07162a20926; Download | Favorite | View

Wondershare Driver Install Service Help 10.7.1.321 Unquoted Service Path: Posted Nov 25, 2020; Authored by Luis Sandoval; Wondershare Driver Install Service Help version 10.7.1.321 suffers from an unquoted service path vulnerability.; tags | exploit; SHA-256 | 22e81b9e302abbc514142b60342851f9f20aea48f363575022e6b4d599358ec4; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days