:: Deepquest ::

FlexAir Access Control versions 2.3.38 and below remote root command injection exploit.

FlexAir Access Control version 2.3.38 authenticated remote root exploit that leverages command injection via a SetNTPServer request.

This Metasploit module exploits a command injection vulnerability in the Linear eMerge E3 Access Controller.

Prima Access Control version 2.3.35 authenticated python script upload remote root code execution exploit.

Prima Access Control version 2.3.35 suffers from a persistent cross site scripting vulnerability.

This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included […]

This Metasploit module exploits a post-auth command injection in the Pulse Secure VPN server to execute commands as root. The env(1) command is used to bypass application whitelisting and run arbitrary commands. Please see related module auxiliary/gather/pulse_secure_file_disclosure for a pre-auth file read that is able to obtain plaintext and hashed credentials, plus session IDs that […]

This Metasploit module exploits a vulnerability in Bludit. A remote user could abuse the uuid parameter in the image upload feature in order to save a malicious payload anywhere onto the server, and then use a custom .htaccess file to bypass the file extension check to finally get remote code execution.

Linear eMerge E3 1.00-06 – Remote Code Execution

ScanGuard Antivirus 2020 – Insecure Folder Permissions