9 matches found
Metasploit Wrap-Up
Wordpress Exploitation Returns What's life without a little WordPress exploitation? Courtesy of Hacker5preme aka Ron Jost and h00die, we now have an exploit for CVE-2021-24862, a bug in the RestorationMagic WordPress plugin prior to 5.0.1.6 whereby user input was not properly escaped in the...
Cisco Small Business RV Series Authentication Bypass and Command Injection
This module exploits an authentication bypass CVE-2021-1472 and command injection CVE-2021-1473 in the Cisco Small Business RV series of VPN/routers. The device does not adequately verify the credentials in the HTTP Authorization field when requests are made to the /upload endpoint. Then the...
Cisco Small Business RV Series Authentication Bypass / Command Injection Exploit
This Metasploit module exploits an authentication bypass CVE-2021-1472 and command injection CVE-2021-1473 in the Cisco Small Business RV series of VPN/routers. The device does not adequately verify the credentials in the HTTP Authorization field when requests are made to the /upload endpoint. Th...
Cisco Small Business RV Series Authentication Bypass / Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Small Business RV Series Authentication Bypass and Command Injection', 'Description' = %q This module exploits an authentication bypass...
cisco RV34X系列身份绕过和远程命令执行漏洞(CVE-2021-1472 CVE-2021-1473)
Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution APRIL 13, 2021 TL;DR In early 2021, we reported a few security issues to Cisco related to their RV34X series of routers, two of which have been recently patched. The issues in question were an authentication bypass...
Cisco RV Authentication Bypass / Code Execution
IoT Inspector Research Lab Security Advisory IOT-20210414-0 title: Cisco RV series Authentication Bypass and Remote Command Execution vendor/product: Cisco https://www.cisco.com/ vulnerable version: RV16X/RV26X: 1.0.01.02 & below. RV34X: 1.0.03.20 & below. fixed version: RV16X/RV26X: 1.0.01.03...
Cisco RV Authentication Bypass / Code Execution Vulnerability
Cisco RV-series routers suffer from an authentication bypass vulnerability. The RV34X series are also affected by a command injection vulnerability in the sessionid cookie, when requesting the /upload endpoint. A combination of these issues would allow any person who is able to communicate with t...
CVE-2021-1473
creationtimestamp| type| source ---|---|--- 2021-04-15 11:02:09+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/3127 2021-05-30 02:19:08+00:00| seen| https://t.me/pwnwikizhchannel/529 2022-02-01 16:55:14+00:00| seen|...
HTTP Headers Remote Code Execution (CVE-2020-10826; CVE-2020-10827; CVE-2020-10828; CVE-2020-13756; CVE-2021-1472; CVE-2021-1473)
HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP Header to run arbitrary code on the victim machine...