Archive for September, 2019

October CMS Upload Protection Bypass Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an upload protection bypass in October CMS. An authenticated user with permission to upload and manage media contents can upload various files on the server. The application prevents the user from uploading PHP code by checking the file extension. It uses a blacklist-based approach, as seen in octobercms/vendor/october/rain/src/Filesystem/Definitions.php:blockedExtensions(). This module was tested on October CMS version 1.0.412 […]

LibreNMS Collectd Command Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a command injection vulnerability in the Collectd graphing functionality in LibreNMS. The to and from parameters used to define the range for a graph are sanitized using the mysqli_escape_real_string() function, which permits backticks. These parameters are used as part of a shell command that gets executed via the passthru() function, which […]

WordPress Ecpay Logistics For WooCommerce 1.2.181030 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress Ecpay Logistics For WooCommerce plugin version 1.2.181030 suffers from a cross site scripting vulnerability.

Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) And Registry

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a flaw in the WSReset.exe file associated with the Windows Store. This binary has autoelevate privs, and it will run a binary file contained in a low-privilege registry location. By placing a link to the binary in the registry location, WSReset.exe will launch the binary as a privileged user.

Pulse Secure 8.1R15.1 / 8.2 / 8.3 / 9.0 SSL VPN Remote Code Execution

Posted by deepcore under exploit (No Respond)

Pulse Secure versions 8.1R15.1, 8.2, 8.3, and 9.0 SSL VPN remote code execution exploit.

FusionPBX 4.4.8 Remote Code Execution

Posted by deepcore under exploit (No Respond)

FusionPBX version 4.4.8 remote code execution exploit.

Microsoft Windows NTFS Privileged File Access Enumeration

Posted by deepcore under exploit (No Respond)

Microsoft Windows suffers from an NTFS privileged file access enumeration vulnerability. Attackers possessing user-only rights can gather intelligence or profile other user account activities by brute forcing a correct file name due to inconsistent error messaging.

Facebook Messenger Denial Of Service

Posted by deepcore under exploit (No Respond)

Facebook Messenger suffered from an application crash denial of service vulnerability when sent a single hyphen.

WordPress 5.2.3 Remote Cross Site Host Modification

Posted by deepcore under exploit (No Respond)

WordPress versions 5.2.3 and below remote cross site host modification proof of concept demo exploit.

Microsoft Windows 10 UAC Protection Bypass Via Windows Store

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a flaw in the WSReset.exe Windows Store Reset Tool. The tool is run with the “autoElevate” property set to true; however, it can be moved to a new Windows directory containing a space (C:\Windows \System32) where, upon execution, it will load our payload dll (propsys.dll).