This Metasploit module uses a directory traversal vulnerability to extract information such as password, rdspassword, and "encrypted" properties. This Metasploit module has been tested successfully on ColdFusion 9 and ColdFusion 10 (auto-detect).
f9027fa18590f935c44c682f6c35a26d0f940ef9411caf0b16feb68afcb22e83This Metasploit module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files. Exploitation is achieved on Apached/mod_wsgi configurations by overwriting moin.wsgi, which allows to execute arbitrary python code, as exploited in the wild on July, 2012.
357506b05f75972b93ef4f53d7935e38c58ae9d6c3dc89990bc79b7b56e9d911Kloxo versions 6.1.12 and below contain two setuid root binaries. lxsuexec and lxrestart allow local privilege escalation to root from uid 48, Apache by default on CentOS 5.8, the operating system supported by Kloxo. This Metasploit module has been tested successfully with Kloxo 6.1.12 and 6.1.6.
a70607f00778f48b03ab7e80bcb005fc5ae1a0f4e784ea6219b2ca83f16982c7Kloxo version 6.1.6 suffers from a local privilege escalation vulnerability.
05c8a48c93af3659880c9fc3c9b6dc020d3b89b769551432c305b8d9a7ee8d6fMoinMelt remote arbitrary command execution exploit as released in HTP version 5.
57a4eee9988f535e79cf25e3113013c4894c962158793e8fa7a2a42a01d07190ColdFusion version 9 and 10 remote root zero day exploit as released in HTP version 5.
7ca7d0dbbf03c4e7f09cce36a6785fc2d64fa398061c3b4afd5d406f11f33c4e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed