This Metasploit module exploits a directory traversal in F5’s BIG-IP Traffic Management User Interface (TMUI) to upload a shell script and execute it as the root user.
>> CATEGORY: exploit
Various CDATA OLTs suffer from backdoor access with telnet, credential leaks, shell escape with root privileges, denial of service, and weak encryption algorithm vulnerabilities.
Proof of concept exploit for ClearPass Policy Manager which suffers from an unauthenticated remote command execution vulnerability.
File Management System version 1.1 suffers from a persistent cross site scripting vulnerability.
RiteCMS version 2.2.1 suffers from an authenticated remote code execution vulnerability.
Proof of concept exploit that leverages a double-free in the DDGifSlurp function in decoding.c in the android-gif-drawable library in order to achieve remote code execution in WhatsApp.
Grafana version 7.0.1 denial of service proof of concept exploit.
Microsoft Windows mshta.exe allows processing of XML external entities which can result in local data-theft and or program reconnaissance upon opening specially crafted HTA files.
Nagios XI version 5.6.12 remote code execution exploit that leverages export-rrd.php.
Fire Web Server version 0.1 remote denial of service proof of concept exploit.