This Metasploit module exploits Webmin versions 1.930 and below. This exploit takes advantage of a code execution issue within the function unserialise_variable() located in web-lib-funcs.pl, in order to gain root. The only prerequisite is a valid session id.
Wolters Kluwer TeamMate+ version 3.1 with internal version 21.0.0.0 suffers from a cross site request forgery vulnerability.
WordPress Event Tickets plugin version 4.10.7.1 suffers from a CSV injection vulnerability.
IntelBras TELEFONE IP TIP200/200 LITE version 60.61.75.15 dumpConfigFile pre-authentication remote arbitrary file read exploit.
Alkacon OpenCMS version 10.5.x suffers from multiple cross site scripting vulnerabilities in the Apollo Template.
Microsoft Outlook Web Access build 15.1.1591 suffers from a remote host header injection vulnerability.
Cisco IronPort C150 suffers from a remote host header injection vulnerability.
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. […]
DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the […]
This Metasploit module abuses a known default password on Cisco UCS Director. The ‘scpuser’ has the password of ‘scpuser’, and allows an attacker to login to the virtual appliance via SSH. This module has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also mentions in their advisory that their […]