Lucene search
K

10 matches found

Rapid7 Blog
Rapid7 Blog
added 2022/01/07 5:28 p.m.164 views

Metasploit Wrap-Up

Dump Windows secrets from Active Directory This week, our very own Christophe De La Fuente added an important update to the existing Windows Secret Dump module. It is now able to dump secrets from Active Directory, which will be very useful for Metasploit users. This new feature uses the Director...

7.5CVSS0.2AI score0.93514EPSS
Exploits61
Metasploit
Metasploit
added 2022/01/05 5:42 p.m.158 views

Wordpress Plugin Catch Themes Demo Import RCE

The Wordpress Plugin Catch Themes Demo Import versions use exploit/multi/http/wpcatchthemesdemoimport msf exploitwpcatchthemesdemoimport show targets ...targets... msf exploitwpcatchthemesdemoimport set TARGET msf exploitwpcatchthemesdemoimport show options ...show and set options... msf...

7.2CVSS7.1AI score0.55729EPSS
Exploits6
Packet Storm
Packet Storm
added 2022/01/05 12:0 a.m.303 views

WordPress Catch Themes Demo Import Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Catch Themes Demo Import RCE', 'Description' = %q The Wordpress Plugin Catch Themes Demo Import versions MSFLICENSE, 'Author' =...

7.2CVSS0.55729EPSS
Exploits6
0day.today
0day.today
added 2021/12/09 12:0 a.m.461 views

Wordpress Catch Themes Demo Import 1.6.1 Plugin- Remote Code Execution Exploit

Exploit Title: Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution RCE Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/ Software Link:...

7.2CVSS0.1AI score0.55729EPSS
Exploits6
Packet Storm
Packet Storm
added 2021/12/09 12:0 a.m.407 views

WordPress Catch Themes Demo Import 1.6.1 Shell Upload

Exploit Title: Wordpress Plugin Catch Themes Demo Import 1.6.1 - Remote Code Execution RCE Authenticated Date 07.12.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wordpress.org/plugins/catch-themes-demo-import/ Software Link:...

7.2CVSS7.2AI score0.55729EPSS
Exploits6
Circl
Circl
added 2021/10/22 12:37 a.m.32 views

CVE-2021-39352

creationtimestamp| type| source ---|---|--- 2021-10-22 00:37:33+00:00| seen| https://t.me/cibsecurity/30996 2022-01-04 21:04:47+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wpcatchthemesdemoimport.rb 2025-02-06 03:13:45+00:00| seen|...

7.2CVSS7.5AI score0.55729EPSS
Exploits6References2
NVD
NVD
added 2021/10/21 8:15 p.m.54 views

CVE-2021-39352

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...

7.2CVSS0.55729EPSS
Exploits6References7
Vulnrichment
Vulnrichment
added 2021/10/21 7:38 p.m.18 views

CVE-2021-39352 Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...

7.2CVSS7.6AI score0.55729EPSS
Exploits6References7
Cvelist
Cvelist
added 2021/10/21 7:38 p.m.49 views

CVE-2021-39352 Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload

The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the /inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with...

7.2CVSS7.5AI score0.55729EPSS
Exploits6References7
CVE
CVE
added 2021/10/21 7:38 p.m.112 views

CVE-2021-39352

CVE-2021-39352 affects the WordPress plugin Catch Themes Demo Import, vulnerable in versions up to 1.7 (pre-1.8). The root cause is insufficient file-type validation in ~/inc/CatchThemesDemoImport.php, enabling an authenticated administrator to upload arbitrary files that can be used for remote c...

7.2CVSS7.4AI score0.55729EPSS
Exploits6References7Affected Software1
Rows per page
Query Builder