11 matches found
Exploit for OS Command Injection in Klogserver Klog_Server
Information py Exploit Title: Klog Server 2.4.1 - Command...
Metasploit Wrap-Up
GSoC Rocks! In a rare double whammy, one of our 2020 Google Summer of Code GSoC participants has authored a PR containing both enhancements & a new module! Improvements to our SQL injection library now allow PostgreSQL injection, and this new functionality has been verified with both a test modul...
Klog Server 2.4.1 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Klog Server authenticate.php user Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injectio...
Klog Server 2.4.1 Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Klog Server Unauthenticated Command Injection Vulnerability', 'Description' = %q This module exploits an unauthenticated command injection...
Klog Server 2.4.1 - Unauthenticated Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Klog Server Unauthenticated Command Injection Vulnerability', 'Description' = %q This module exploits an unauthenticated command injection...
KLog Server Command Injection (CVE-2020-35729)
A command injection vulnerability exists in KLog Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Klog Server 2.4.1 - Command Injection (Unauthenticated)
Exploit Title: Klog Server 2.4.1 - Command Injection Unauthenticated Date: 22.12.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.klogserver.com/ Version: 2.4.1 Tested On: Ubuntu 18.04 CVE: 2020-35729 Description:...
CVE-2020-35729
creationtimestamp| type| source ---|---|--- 2021-01-05 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/49366 2021-01-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/49474 2021-02-12 17:48:56+00:00| seen|...
CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter...
CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter...
CVE-2020-35729
Klog Server 2.4.1 and earlier versions are affected by an unauthenticated command injection in authenticate.php. The vulnerability uses the user parameter, passed to shell_exec(), allowing arbitrary commands as the apache user; the sudoers setup can grant root privileges, enabling full system com...