A cross site request forgery vulnerability was identified in the Authorization Method of 3DSecure version 2.0, allowing attackers to submit unauthorized form data by modifying the HTTP Origin and Referer headers.
032e3a53c89b7b4a7b7b3de30de850a84f091eca55d4270ee219cc8a08689f23
Multiple reflected cross site scripting vulnerabilities in the 3DS Authorization Method of 3DSecure version 2.0 allow attackers to inject arbitrary web scripts via the threeDSMethodData parameter.
6d39badeee9ca588e282577f02ef7077faa513c136944eec8da9e5f0a73a67a8
Multiple reflected cross site scripting vulnerabilities exist in the 3DS Authorization Challenge of 3DSecure version 2.0. These flaws allow attackers to inject arbitrary web scripts, CSS, or HTML through the manipulation of the params parameter in the request URL.
5c49c8e7ecdf6ea8c0ca9ef4838d0136aa0e0903e7e668c089948442cca4d4d4
Ubuntu Security Notice 6996-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
495c021cebaed12775fb7591f330431d792303b4c0b48774c767ece1790af9e8
PDF Generator Web Application version 1.0 suffers from an ignored default credential vulnerability.
ea0edf3e01f27c48e18ff7db4471b92d0d058e7c65718cf02003efd67a75fb49
Debian Linux Security Advisory 5765-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
dfab6913b39748bebfcdb6654b977dbe4d0b99559dd95f8e7705706523881d55
Ubuntu Security Notice 6988-1 - It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. It was discovered that Twisted did not properly sanitize certain input. An attacker could use this vulnerability to possibly execute an HTML injection leading to a cross-site scripting attack.
b3e9ccedfdbf38665257767f0dc668db4901ec80e4f37709d43bcb54502ddae9
Debian Linux Security Advisory 5762-1 - The WebKitGTK web engine suffers from multiple vulnerabilities. An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. More issues are listed in this advisory.
84334a31b07991491b6bf97b8a6dd18f35a882dd2e58fa59b968cb5797f2b082
This Metasploit module scans for OKI printers via SNMP, then tries to connect to found devices with vendor default administrator credentials via HTTP authentication. By default, OKI network printers use the last six digits of the MAC as admin password.
8613aa2a1290a7367538b13eddb3594428f9fc32d1fd8e239c7ddb8a9589ca0c
This Metasploit module takes advantage of an authentication bypass vulnerability at the web interface of multiple manufacturers DVR systems, which allows to retrieve the device configuration.
92970fe8576d8a26914e34ab8819055f169c2028d4106ed9aa7fe40e0c3de86b
This Metasploit module exploits a privilege escalation vulnerability found in Microsoft Exchange - CVE-2019-0724 Execution of the module will force Exchange to authenticate to an arbitrary URL over HTTP via the Exchange PushSubscription feature. This allows us to relay the NTLM authentication to a Domain Controller and authenticate with the privileges that Exchange is configured. The module is based on the work by @_dirkjan,.
9f8ccd3febae1d6a5a140ff0111ba4264db42cc77adc0776d3f47273870024c9
This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress Plugin "NextGEN Gallery" version 2.1.7, allowing to read arbitrary directories with the web server privileges.
2c0cd7aee77fbdb8a99fcc09f39bd549ae4823975d07eaa06182ce30e5d70738
This Metasploit module enumerates wireless credentials from Canon printers with a web interface. It has been tested on Canon models: MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920.
da65789563a5f9123cd5f43ebbf7e23b6c2880e8dec9ba14cd2e0aac0e760202
This Metasploit module exploits an unauthenticated directory traversal vulnerability in Cassandra Web Cassandra Web version 0.5.0 and earlier, allowing arbitrary file read with the web server privileges. This vulnerability occurred due to the disabled Rack::Protection module.
1fcf8bcb9a5c390a3d9ee4018429d16d6138dbe119755c56e7f809909dd5bccd
This Metasploit module attempts to brute-force a valid session token for the Syncovery File Sync and Backup Software Web-GUI by generating all possible tokens, for every second between DateTime.now and the given X day(s). By default today and yesterday (DAYS = 1) will be checked. If a valid session token is found, the module stops. The vulnerability exists, because in Syncovery session tokens are basically just base64(m/d/Y H:M:S) at the time of the login instead of a random token. If a user does not log out (Syncovery v8.x has no logout) session tokens will remain valid until reboot.
35774315caca7f89f98bfc845f009123bd6450981504bf93e08596306cfc0432
This Metasploit module attempts to scan for InfoVista VistaPortal Web Application, finds its version and performs login brute force to identify valid credentials.
988a25a91ec5ad89fac76dcea1a6f311b0572b6b6646957ee931ee76d8973e13
This Metasploit module scans for Fortinet SSL VPN web login portals and performs login brute force to identify valid credentials.
9cff45fa6448a61d09c7bfca78543e51d98a8a25cd5a142166e055d3f899034f
This Metasploit module will scan for hosts vulnerable to an unauthenticated SQL injection within the advanced search feature of the Web-Dorado ECommerce WD 1.2.5 and likely prior.
ce900f10acc1386276f00739f087918826cb2474bfdb669e0c939feac5f7524a
This Metasploit module abuses a file exposure vulnerability accessible through the web interface on port 49152 of Supermicro Onboard IPMI controllers. The vulnerability allows an attacker to obtain detailed device information and download data files containing the clear-text usernames and passwords for the controller. In May of 2014, at least 30,000 unique IPs were exposed to the internet with this vulnerability.
1ca6be3bd1442f15e9c436c21eb3f55a0d2466eb4cc5defa624000e1a17d568b
This Metasploit module exploits a directory traversal vulnerability found in Sybase EAservers Jetty webserver on port 8000. Code execution seems unlikely with EAservers default configuration unless the web server allows WRITE permission.
7bfd36e1187bbe4aedbbf3cc9f1865de502ad6964a28a52016ac80e17c3bbfa5
This Metasploit module exploits a directory traversal vulnerability found in Simple Web Server 2.3-RC1.
51715fee223323063efe38cccd63acc54537c25beb376295f1d2c1da1023b617
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This Metasploit module will scan an HTTP end point for the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit. This Metasploit module is a generic scanner and is only capable of identifying instances that are vulnerable via one of the pre-determined HTTP request injection points. These points include HTTP headers and the HTTP request path. Known impacted software includes Apache Struts 2, VMWare VCenter, Apache James, Apache Solr, Apache Druid, Apache JSPWiki, Apache OFBiz.
0c99025a240dc811b182feb7d9c9d3253b1e32fb38ca51be4415745de5402484
This Metasploit module attempts to find D-Link devices running Alphanetworks web interfaces affected by the backdoor found on the User-Agent header. This Metasploit module has been tested successfully on a DIR-100 device with firmware version v1.13.
efeab64a2c3b15be8d9ef8a9a4512d08c15268b3a979db52689b008670fee189
This Metasploit module exploits a hardcoded user and password for the GetFile maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to retrieve a maximum of 100_000_000 KB of remote files. This Metasploit module has been successfully tested on Novell ZENworks Asset Management 7.5.
330cc22734979700205d38d8b3a6fcb4016360f791b7add7a0841b6885897ab3
This Metasploit module exploits a directory traversal vulnerability found in ManageEngine DeviceExperts ScheduleResultViewer Servlet. This is done by using "..\..\..\..\..\..\..\..\..\..\" in the path in order to retrieve a file on a vulnerable machine. Please note that the SSL option is required in order to send HTTP requests.
ead6620e60a1e33962bc1a629b7991560b6ad340faaa6fcdaf3b569e03e10a00