6 matches found
CVE-2020-7350
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to b...
CVE-2020-7350 Metasploit Framework Plugin Libnotify Command Injection
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to b...
CVE-2020-7350
CVE-2020-7350 affects Rapid7 Metasploit Framework libnotify plugin. Versions before 5.0.85 allow OS command injection via untrusted data in a remote hostname/service name; an attacker must supply a crafted file processed by db_import to trigger code execution on the operator’s terminal. A fix was...
Metasploit Libnotify Arbitrary Command Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metasploit Libnotify Plugin Arbitrary Command Execution', 'Description' = %q This module exploits a shell command injection vulnerability in the...
CVE-2020-7350
creationtimestamp| type| source ---|---|--- 2020-04-16 21:12:55+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/fileformat/metasploitlibnotifycmdinjection.rb 2024-10-28 14:37:49+00:00| published-proof-of-concept|...
Metasploit Libnotify Plugin Arbitrary Command Execution
This module exploits a shell command injection vulnerability in the libnotify plugin. This vulnerability affects Metasploit versions 5.0.79 and earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...