10 matches found
Metasploit Wrap-Up
Dump Windows secrets from Active Directory This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...
Wordpress Plugin Catch Themes Demo Import RCE
The Wordpress Plugin Catch Themes Demo Import versions use exploit/multi/http/wpcatchthemesdemoimport msf exploitwpcatchthemesdemoimport show targets ...targets... msf exploitwpcatchthemesdemoimport set TARGET msf exploitwpcatchthemesdemoimport show options ...show and set options... msf...
WordPress Catch Themes Demo Import Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Catch Themes Demo Import RCE', 'Description' = %q The Wordpress Plugin Catch Themes Demo Import versions MSFLICENSE, 'Author' =...
WordPress Catch Themes Demo Import 1.6.1 Shell Upload
Exploit Title: Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution RCE Authenticated Date 07.12.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/ Software Link:...
Wordpress Catch Themes Demo Import 1.6.1 Plugin- Remote Code Execution Exploit
Exploit Title: Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution RCE Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/ Software Link:...
CVE-2021-39352
creationtimestamp| type| source ---|---|--- 2021-10-22 00:37:33+00:00| seen| https://t.me/cibsecurity/30996 2022-01-04 21:04:47+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wpcatchthemesdemoimport.rb 2025-02-06 03:13:45+00:00| seen|...
CVE-2021-39352
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...
CVE-2021-39352 Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...
CVE-2021-39352 Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...
CVE-2021-39352
CVE-2021-39352 affects the WordPress plugin Catch Themes Demo Import, vulnerable in versions up to 1.7 (pre-1.8). The root cause is insufficient file-type validation in ~/inc/CatchThemesDemoImport.php, enabling an authenticated administrator to upload arbitrary files that can be used for remote c...