This Metasploit module exploits a cross-site request forgery (CSRF) vulnerability in F5 Big-IP's iControl interface to write an arbitrary file to the filesystem. While any file can be written to any location as root, the exploitability is limited by SELinux; the vast majority of writable locations are unavailable. By default, we write to a script that executes at reboot, which means the payload will execute the next time the server boots. An alternate target - Login - will add a backdoor that executes next time a user logs in interactively. This overwrites a file, but we restore it when we get a session Note that because this is a CSRF vulnerability, it starts a web server, but an authenticated administrator must visit the site, which redirects them to the target.
0942abdee0725fc32a285ecb9a23fb1bfe3ecc058946e6d59dda0de6b91cbca4Debian Linux Security Advisory 5279-2 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks. The wordpress package released in DSA-5279-1 had incorrect dependencies that could not be satisfied in Debian stable. This update corrects the problem.
389845c1cb18def69eba66246c35f85df9383c4619ea4cbb54983839e90b7fcbDebian Linux Security Advisory 5279-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or perform Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks.
341ee59a0eda06f9f4d0a55d3d0dcfde3def67460f959fbb244cede42273627dWordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability.
651b396c90687b1931dfce7d1f9402a1dff09a912ce895903c27111b0634e43eRed Hat Security Advisory 2022-8057-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
3ee16e49a8baf9378c63381be5115444e228ecd6a3b4ae465fcf1331c83fb783Red Hat Security Advisory 2022-7519-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Issues addressed include cross site request forgery, cross site scripting, denial of service, information leakage, and privilege escalation vulnerabilities.
3e15d8d2daf7a09f7541e03f3086b2da3507f9323e80ae6e10ec506f6426e5c7Online Birth Certificate Management System version 1.0 suffers from a cross site request forgery vulnerability.
f90076f01c3d533b4fccbc2387bf165114d9246cfe28d87c6be0ae171a022afeMultix version 2.4 suffers from a cross site request forgery vulnerability.
d804687ad3c71ed52a7465168db79fb1a6b87b78c6e128b3cc988a897cc33cf8Online Employee Leave Management System version 1.0 suffers from a cross site request forgery vulnerability.
0710715d45689c909a85c5900c640070b5bf1573e0e7b5eaa10c502265e786a4WordPress Ecwid Ecommerce Shopping Cart plugin versions 6.10.23 and below suffer from a cross site request forgery vulnerability.
4d8603e0293338606a482d16c657252dae8f29113703208bc7aafca598be3ca6Transposh WordPress Translation versions 1.0.8.1 and below suffer from cross site request forgery vulnerabilities.
00f492b81f8c36b3158ff92303a3ed9b8713a137b201a866100dd6430cd9a03cJM-DATA ONU JF511-TV versions 1.0.67, 1.0.62, and 1.0.55 suffer from cross site request forgery, persistent cross site scripting, default credential, and open redirection vulnerabilities.
c51066c0cb9048b02b75497475a4a15013a17f7c6f79b27527c10c72ae1fc0c9Marval MSM version 14.19.0.12476 suffers from a cross site request forgery vulnerability.
aecc677dbeadf1e311ca918427b11abd363470e74f04e5d771a7638543fba47cPHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.
050c77ae0f13a5b4247218de44f8bf133ca516aae7da4d73aba802231bdde893WordPress Blue Admin plugin version 21.06.01 suffers from a cross site request forgery vulnerability.
565e1dfee9a847dbd07998efdff9ee95a2f3f8e9796f37efdf64ce435d785ed9WordPress Stafflist plugin version 3.1.2 suffers from a cross site request forgery vulnerability.
9d6c94780d9e6bad20039cfa30e21ac1263e9e05f4af98d371874857a71295c3Fuel CMS version 1.5.0 suffers from a cross site request forgery vulnerability.
a4af693e497d4996d8c0e666db468defe2f659409f9308f786a612dc743fa1f7Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 suffer from a cross site request forgery vulnerability.
29cb721e83f960d667cf6c98532f19aade113ac4dead4421a2632694ec3913c0qdPM version 9.2 suffers from a cross site request forgery vulnerability.
64ddbfaa1da0cb1473febe63a28eecb79a7e8e8d82ebad0f32c44475dadf890fICEHRM version 31.0.0.0S cross site request forgery exploit that demonstrates account deletion. This finding varies from the original finding of cross site request forgery in the same software from the same researcher.
b9ee29826a306b33bdc668fcd9b9e3b8d9c8e92ba320ac432ad6259e72d505c3Online Banquet Booking System version 1.0 suffers from a cross site request forgery vulnerability.
242e1ac878946f2c1079108497cb89ce8c04972924dd3446288bd6725374a38bWordPress Curtain plugin version 1.0.2 suffers from a cross site request forgery vulnerability.
f394a443240b0a394250f659b08eabdf25ac27620ce8316b56cf87a0d070fafbICEHRM version 31.0.0.0S suffers from a cross site request forgery vulnerability.
096c17b59dcf5a176b516a6e32f1f053ba9cc9d99442901c1ec82846fbaa5b26iRZ mobile routers versions RU21, RU21w, RL21, RU41, and RL01 suffer from a cross site request forgery vulnerability that can enable remote code execution.
9f87d1b4dfcf65a7a815809793fabfafcaf1d56d194ef000382ae92167e751d7Red Hat Security Advisory 2022-0056-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.3. Issues addressed include bypass, cross site request forgery, denial of service, and traversal vulnerabilities.
47c94baf45591caac279b395191a39b15211aab64fbf51a7551c99c5711dd019
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed