Archive for February, 2019

Microsoft Excel .SLK Payload Delivery

Posted by deepcore under exploit (No Respond)

This Metasploit module generates a download-and-execute PowerShell command to be placed in an .SLK Excel spreadsheet. When executed, it will retrieve a payload via HTTP from a web server. When the file is opened, the user will be prompted to “Enable Content.” Once this is pressed, the payload will execute.

Jenkins 2.150.2 Remote Command Execution Via Node JS

Posted by deepcore under exploit (No Respond)

This Metasploit module can run commands on the system using Jenkins users who have JOB creation and BUILD privileges. The vulnerability is exploited by a small script prepared in NodeJS. The sh parameter allows us to run commands. Sample script: node { sh "whoami" } In addition, ANONYMOUS users also have the authority to JOB […]

Joomla ABook Alexandria Book Library 3.1.4 SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla ABook Alexandria Book Library version 3.1.4 suffers from a remote SQL injection vulnerability.

Joomla Agora 4.10 Bypass / SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla Agora version 4.10 suffers from bypass and remote SQL injection vulnerabilities.

Joomla BookLibrary 4.0.31 Database Disclosure / SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla BookLibrary version 4.0.31 suffers from database disclosure and remote SQL injection vulnerabilities.

Joomla ExtCalendar 2.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla ExtCalendar version 2.0 suffers from a remote SQL injection vulnerability.

Joomla JoomGallery 3.2.2 / PonyGallery 2.5.1 Database Disclosure / SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla JoomGallery version 3.2.2 and PonyGallery version 2.5.1 suffer from database disclosure and remote SQL injection vulnerabilities.

Joomla Mosets Hot Property 1.0.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla Mosets Hot Property version 1.0.0 suffers from a remote SQL injection vulnerability.

Joomla PhocaGuestBook 3.0.8 Database Disclosure / SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla PhocaGuestBook version 3.0.8 suffers from database disclosure and remote SQL injection vulnerabilities.

Joomla SermonSpeaker 5.9.0 Database Disclosure / SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla SermonSpeaker version 5.9.0 suffers from database disclosure and remote SQL injection vulnerabilities.