what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Gregory Boddin

Vinchin Backup And Recovery Command Injection

Posted Dec 21, 2023

Authored by Valentin Lobstein, Gregory Boddin | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Vinchin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.*. Due to insufficient input validation in the checkIpExists API endpoint, an attacker can execute arbitrary commands as the web server user.

tags | exploit, web, arbitrary

advisories | CVE-2023-45498, CVE-2023-45499

SHA-256 | 3d8e50d9f7626533b7df0f51d965d0f800628210479cd9fb5dd93a7e5ade89f2

Download | Favorite | View

VinChin VMWare Backup 7.0 Hardcoded Credential / Remote Code Execution

Posted Oct 30, 2023

Authored by Gregory Boddin

VinChin Backup and Recovery in VinChin VMWare Backup versions 5.0 through 7.0 suffers from hardcoded credential and remote code execution vulnerabilities.

tags | advisory, remote, vulnerability, code execution

advisories | CVE-2023-45498, CVE-2023-45499

SHA-256 | 1bf4b6f3ddc51b5e4e5494dbac71f64c14b1398adab76827b7be2ebd47dea460

Download | Favorite | View