14 matches found
ColdFusion password.properties Hash Extraction
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ColdFusion 'password.properties' Hash Extraction", 'Description' = %q This module uses a directory traversal vulnerability to extract information...
Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug
Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack. The server, which belonged to an unnamed...
Adobe ColdFusion 9 - Administrative Login Bypass
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include...
Adobe ColdFusion 9 Administrative Login Bypass
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0819-2 | | http://packetstormsecurity.com/ |...
Adobe ColdFusion 9 Administrative Login Bypass Vulnerability
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Its password can by default or by misconfiguration be set to an empty value. This allows you to create a session via the RDS login that can be carried over to the admin web interfa...
Adobe ColdFusion 9 - Administrative Authentication Bypass (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe ColdFusion 9 Administrative Login Bypass', 'Description' = %q Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attacker...
Adobe ColdFusion 9 Administrative Login Bypass
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe ColdFusion 9 Administrative Login Bypass', 'Description' = %q Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attacker...
Adobe ColdFusion 9 - Administrative Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0819-2 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Adobe...
Packet Storm Advisory 2013-0819-2 - Adobe ColdFusion 9 Administrative Login Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0819-2 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Adobe...
Adobe ColdFusion Authentication Bypass (APSB13-13)
The version of Adobe ColdFusion running on the remote host has an authentication bypass vulnerability. When RDS is disabled and not configured with password protection, it is possible to authenticate as an administrative user without providing a username or password. A remote, unauthenticated...
ColdFusion 'password.properties' Hash Extraction
This module uses a directory traversal vulnerability to extract information such as password, rdspassword, and "encrypted" properties. This module has been tested successfully on ColdFusion 9 and ColdFusion 10 auto-detect. This module requires Metasploit: https://metasploit.com/download Current...
ColdFusion 9 / 10 Remote Root Exploit
ColdFusion version 9 and 10 remote root zero day exploit !/usr/bin/env python -- coding: utf-8 -- intro=""" Cold ,''' Fusion || | | \ / | Cold ,''' /-- Fusion | | | | / |. Cold -,,' Fusion Name : ColdSub-Zero.pyFusion v2 Description : CF9-10 Remote Root Zeroday Crew : HTP """ cyan = "\x1b1;36m"...
ColdFusion 9-10 - Credential Disclosure
!/usr/bin/env python -- coding: utf-8 -- intro=""" Cold ,''' Fusion || | | \ / | Cold ,''' /-- Fusion | | | | / |. Cold -,,' Fusion Name : ColdSub-Zero.pyFusion v2 Description : CF9-10 Remote Root Zeroday Crew : HTP """ cyan = "\x1b1;36m" red = "\x1b1;31m" clear = "\x1b0m" print...
ColdFusion 9 / 10 Remote Root
!/usr/bin/env python -- coding: utf-8 -- intro=""" Cold ,''' Fusion || | | \ / | Cold ,''' /-- Fusion | | | | / |. Cold -,,' Fusion Name : ColdSub-Zero.pyFusion v2 Description : CF9-10 Remote Root Zeroday Crew : HTP """ cyan = "\x1b1;36m" red = "\x1b1;31m" clear = "\x1b0m" print...