This Metasploit module exploits two NoSQL injection vulnerabilities to retrieve the user list and password reset tokens from the system. Next, the USER is targeted to reset their password. Then,…
This Metasploit module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. Valid credentials…
This Metasploit module exploits an arbitrary configuration write/update vulnerability to achieve remote code execution. Unauthenticated users can execute a terminal command under the context of the web server user. Grav…
Tenda D151 & D301 – Configuration Download (Unauthenticated)
Discourse 2.7.0 – Rate Limit Bypass leads to 2FA Bypass
BlackCat CMS 1.3.6 – ‘Multiple’ Stored Cross-Site Scripting (XSS)
WordPress Plugin RSS for Yandex Turbo 1.29 – Stored Cross-Site Scripting (XSS)
Multilaser Router RE018 AC1200 – Cross-Site Request Forgery (Enable Remote Access)
Fast PHP Chat 1.3 – ‘my_item_search’ SQL Injection