what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files from Emir Polat

First Active2021-05-24
Last Active2024-08-31
Atlassian Confluence Data Center And Server Authentication Bypass Via Broken Access Control
Posted Aug 31, 2024
Authored by temp66, Emir Polat | Site metasploit.com

This Metasploit module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can be create new admin account without authentication on the target Atlassian server.

tags | exploit
advisories | CVE-2023-22515
SHA-256 | 4b9c8ff2a00bfcb510bc8d0808226331e1d0aff918dc0237aea9ac812e546033
Atlassian Confluence Data Center And Server Authentication Bypass
Posted Feb 27, 2024
Authored by unknown, Emir Polat | Site metasploit.com

This Metasploit module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can be create new admin account without authentication on the target Atlassian server.

tags | exploit
advisories | CVE-2023-22515
SHA-256 | c9933148dbb3513e341045ef4dcef5999b02882361749da2c6cd6cfe8c0471bc
pfSense Restore RRD Data Command Injection
Posted Jul 13, 2023
Authored by Emir Polat | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup and Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.

tags | exploit, arbitrary, root
advisories | CVE-2023-27253
SHA-256 | aebb2b8cda994128d286f0b5a8a2c8b51efa5ec61f35fe1de15ab837e050e5a1
CVAT 2.0 Server-Side Request Forgery
Posted Nov 11, 2022
Authored by Emir Polat

CVAT version 2.0 suffers from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2022-31188
SHA-256 | 73ffdc8cbd20cddc5c30e6639b40f7a33ca517dc70a0e528dc0b60ad3c12a4f2
Webmin Package Updates Command Injection
Posted Aug 10, 2022
Authored by Christophe de la Fuente, Emir Polat | Site metasploit.com

This Metasploit module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the package manager call. This exploit requires authentication and the account must have access to the Software Package Updates module.

tags | exploit, arbitrary
advisories | CVE-2022-36446
SHA-256 | 40335e81c5e1920c59b3fa7d7b9555cf342eefb7151f937070f230f69f2b8ee3
Webmin 1.996 Remote Code Execution
Posted Aug 1, 2022
Authored by Emir Polat

Webmin version 1.996 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2022-36446
SHA-256 | a89c83a46baf912bad79b59cea2c4954e3ac100a48e421ae4b7e8c04fc532526
Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal
Posted May 24, 2021
Authored by Emir Polat

Schlix CMS version 2.2.6-6 suffers from an arbitrary file upload and a directory traversal that together can lead to remote command execution.

tags | exploit, remote, arbitrary, file inclusion, file upload
SHA-256 | fca5df7ad0d34a5f7b8addf705a53ad2dd0527cb631c1a47240bfd8afd22f8d1
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close