HP SiteScope SOAP Call LoadFileContent Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP SiteScope SOAP Call loadFileContent Remote File Access', 'Description' = %q This module exploits an authentication bypass vulnerability in HP...

WebNMS Framework Server Arbitrary Text File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebNMS Framework Server Arbitrary Text File Download', 'Description' = %q This module abuses a vulnerability in WebNMS Framework Server 5.2 that...

Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF

The plugin does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. PoC On Web Servers other than Windows, the...

WordPress Error Log Viewer plugin <= 1.1.1 - Arbitrary Text File Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Text File Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by apple502j in WordPress Error Log Viewer plugin versions = 1.1.1. Solution Update the WordPress Error Log Viewer plugin to the latest available version at least 1.1.2...

HP Release Control - (Authenticated) XML External Entity (Metasploit)

HP Release Control - Authenticated XML External Entity Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Release Control Authenticated XXE', 'Description' = %q This modu...