Showing 1 - 7 of 7

Files from Emir Polat

First Active	2021-05-24
Last Active	2024-08-31

Atlassian Confluence Data Center And Server Authentication Bypass Via Broken Access Control: Posted Aug 31, 2024; Authored by temp66, Emir Polat | Site metasploit.com; This Metasploit module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can be create new admin account without authentication on the target Atlassian server.; tags | exploit; advisories | CVE-2023-22515; SHA-256 | 4b9c8ff2a00bfcb510bc8d0808226331e1d0aff918dc0237aea9ac812e546033; Download | Favorite | View

Atlassian Confluence Data Center And Server Authentication Bypass: Posted Feb 27, 2024; Authored by unknown, Emir Polat | Site metasploit.com; This Metasploit module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can be create new admin account without authentication on the target Atlassian server.; tags | exploit; advisories | CVE-2023-22515; SHA-256 | c9933148dbb3513e341045ef4dcef5999b02882361749da2c6cd6cfe8c0471bc; Download | Favorite | View

pfSense Restore RRD Data Command Injection: Posted Jul 13, 2023; Authored by Emir Polat | Site metasploit.com; This Metasploit module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup and Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.; tags | exploit, arbitrary, root; advisories | CVE-2023-27253; SHA-256 | aebb2b8cda994128d286f0b5a8a2c8b51efa5ec61f35fe1de15ab837e050e5a1; Download | Favorite | View

CVAT 2.0 Server-Side Request Forgery: Posted Nov 11, 2022; Authored by Emir Polat; CVAT version 2.0 suffers from a server-side request forgery vulnerability.; tags | exploit; advisories | CVE-2022-31188; SHA-256 | 73ffdc8cbd20cddc5c30e6639b40f7a33ca517dc70a0e528dc0b60ad3c12a4f2; Download | Favorite | View

Webmin Package Updates Command Injection: Posted Aug 10, 2022; Authored by Christophe de la Fuente, Emir Polat | Site metasploit.com; This Metasploit module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the package manager call. This exploit requires authentication and the account must have access to the Software Package Updates module.; tags | exploit, arbitrary; advisories | CVE-2022-36446; SHA-256 | 40335e81c5e1920c59b3fa7d7b9555cf342eefb7151f937070f230f69f2b8ee3; Download | Favorite | View

Webmin 1.996 Remote Code Execution: Posted Aug 1, 2022; Authored by Emir Polat; Webmin version 1.996 suffers from an authenticated remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2022-36446; SHA-256 | a89c83a46baf912bad79b59cea2c4954e3ac100a48e421ae4b7e8c04fc532526; Download | Favorite | View

Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal: Posted May 24, 2021; Authored by Emir Polat; Schlix CMS version 2.2.6-6 suffers from an arbitrary file upload and a directory traversal that together can lead to remote command execution.; tags | exploit, remote, arbitrary, file inclusion, file upload; SHA-256 | fca5df7ad0d34a5f7b8addf705a53ad2dd0527cb631c1a47240bfd8afd22f8d1; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days