Showing 1 - 5 of 5

Files from Markus Krell

First Active	2019-07-12
Last Active	2024-08-31

Xymon Daemon Gather Information: Posted Aug 31, 2024; Authored by Brendan Coles, Markus Krell | Site metasploit.com; This Metasploit module retrieves information from a Xymon daemon service (formerly Hobbit, based on Big Brother), including server configuration information, a list of monitored hosts, and associated client log for each host. This Metasploit module also retrieves usernames and password hashes from the xymonpasswd config file from Xymon servers before 4.3.25, which permit download arbitrary config files (CVE-2016-2055), and servers configured with ALLOWALLCONFIGFILES enabled.; tags | exploit, arbitrary; advisories | CVE-2016-2055; SHA-256 | 9ee70b9bf9b8edb046baafd8f5faf4f4a2796e5fb36f7a5b908641436a2306ab; Download | Favorite | View

iTop Remote Command Execution: Posted May 23, 2022; Authored by Markus Krell, Alexandre Zanni; iTop versions prior to 2.7.5 authenticated remote command execution exploit.; tags | exploit, remote; advisories | CVE-2022-24780; SHA-256 | a0b99a6ffb1e72f424f072c032f45fd3c9811762bc3e6fd6ab9132aafab59e6c; Download | Favorite | View

Plantronics Hub SpokesUpdateService Privilege Escalation: Posted Jan 15, 2020; Authored by Brendan Coles, Markus Krell | Site metasploit.com; The Plantronics Hub client application for Windows makes use of an automatic update service SpokesUpdateService.exe which automatically executes a file specified in the MajorUpgrade.config configuration file as SYSTEM. The configuration file is writable by all users by default. This module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64). This Metasploit module has been tested successfully on Plantronics Hub version 3.13.2 on Windows 7 SP1 (x64).; tags | exploit; systems | windows; advisories | CVE-2019-15742; SHA-256 | 158f8bba58dd0cfb1693ccc6021434881f579c25482bb12c46542cc4b0abb810; Download | Favorite | View

Plantronics Hub 3.13.2 Local Privilege Escalation: Posted Jan 3, 2020; Authored by Markus Krell; Plantronics Hub version 3.13.2 suffers from a local privilege escalation vulnerability.; tags | exploit, local; SHA-256 | 339cf6961e3d99bb3313daad76cb69c0c28d3894b10b7c2c36bed47bb3a1e73c; Download | Favorite | View

Xymon useradm Command Execution: Posted Jul 12, 2019; Authored by Brendan Coles, Markus Krell | Site metasploit.com; This Metasploit module exploits a command injection vulnerability in Xymon versions before 4.3.25 which allows authenticated users to execute arbitrary operating system commands as the web server user. When adding a new user to the system via the web interface with useradm.sh, the user's username and password are passed to htpasswd in a call to system() without validation. This module has been tested successfully on Xymon version 4.3.10 on Debian 6.; tags | exploit, web, arbitrary; systems | linux, debian; advisories | CVE-2016-2056; SHA-256 | 56921faf23d84d68f64c70045561cd00f989f797c3579b3de87eae4139a3e53c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days