This Metasploit module enumerates Apache Tomcat usernames via malformed requests to j_security_check, which can be found in the web administration package. It should work against Tomcat servers 4.1.0 - 4.1.39, 5.5.0 - 5.5.27, and 6.0.0 - 6.0.18. Newer versions no longer have the "admin" package by default. The admin package is no longer provided for Tomcat 6 and later versions.
ddc9c4c9f598773b8e0921e7125f71bd3f5c7f1793c0f1c17a1adfd1577b0e43
Apache with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the.
d25e9a67049055f81042dd2292f1622716d32f4d233ae7066e8e8047391634a4
The SMTP service has two internal commands that allow the enumeration of users: VRFY (which confirms the names of valid users) and EXPN (which reveals the actual addresses behind user aliases and mailing lists). Use of these SMTP commands can reveal a list of valid users.
3a076e1802bf0287cf31ba73080df8903791e03d6e20085d5549687768f3b726
The vulnerability allows remote unauthenticated attackers to force the IIS server to become unresponsive until the IIS service is restarted manually by the administrator. It requires that Active Server Pages are hosted by IIS and that an ASP script reads a POST form value.
9edbe875f33f8abbbd70b40b78b0b3ee2f256cdbfd08ccf58b9ba2cabbd67558
Splunk suffers from an issue where a low-privileged user who holds a role that has the edit_user capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the edit_user capability does not honor the grantableRoles setting in the authorize.conf configuration file, the setting that would otherwise prevent this scenario. This exploit abuses this vulnerability to change the admin password and log in with it to upload a malicious app, achieving remote code execution.
7181dfaec2f1f7eb973d6e9ba2bc3a477b83011115b041d9cb0b9ad5e441fc41
An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when trying to load a user session, resulting in remote code execution.
01b86153e9b59cbce82f32a07b24098f2267f0bddf0bec3fcf3243c9d0b7d820
This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the authorized_keys file of the chosen account, allowing you to log in to the system with the chosen account. Successful exploitation results in remote code execution.
818eeb4d404c8cde2ab69451948a6037ca08bef60e2be65eb6fe9ed9d7ef0e7d
An unauthenticated attacker with network access to the JBOSS EAP/AS versions 6.x and below Remoting Unified Invoker interface can send a serialized object to the interface to execute code on vulnerable hosts.
4bfb5f55643ee08ae8c9999d9fa55d6d1af99c180f30e402f0089770ca5d6712
This Metasploit module exploits an authentication bypass vulnerability in the F5 BIG-IP iControl REST service to gain access to the admin account, which is capable of executing commands through the /mgmt/tm/util/bash endpoint. Successful exploitation results in remote code execution as the root user.
bb3a5bef34f53053f0da7eec9cad038bc4f47a0997b2e9cd601a17a1f034a0ad
Apache APISIX has a default, built-in API token that can be used to obtain full access to the admin API. Access to this API allows for remote Lua code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP restriction plugin.
75f7fd4db82a985948b400b9686ffc05f654d453b228621992abd5bb2505add2
Ignition versions prior to 2.5.2, as used in Laravel and other products, allow unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
1a428973d57b49630c03761c229ad5f2989539e00fde683c743407e8d561d597
Google Chrome versions 21.0.1180.57 and below suffer from a NULL pointer vulnerability in InspectDataSource::StartDataRequest.
922f2c1e74a32dc38ee0d67c6334a31517da282683a2f06192b0fea1c6e5da62
The Polycom web management interface on model G3/HDX 8000 HD suffers from a remote command injection vulnerability.
edd85665d7b90ac56ede22daa681765beb0fda23fc185dbf676283c9186e6397
The Polycom web management interface on model G3/HDX 8000 HD suffers from a directory traversal vulnerability.
318900245c518a8794796a8f52d7da21d13c57f032476a863283f40f224062c0
WordPress authentication brute force and user enumeration utility for Metasploit.
53dfbc1d57cd5b6f8db8a14f4805dbb9ee5be66043bb48948f6bbf77a879d57d