Lucene search
+L

10 matches found

zdt
zdt
added 2023/07/21 12:0 a.m.251 views

pfSense v2.7.0 - OS Command Injection Exploit

Exploit Title: pfSense v2.7.0 - OS Command Injection Exploit Author: Emir Polat CVE-ID : CVE-2023-27253 class MetasploitModule 'pfSense Restore RRD Data Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabilty in the "restorerrddata" function of...

8.8CVSS7.1AI score0.90655EPSS
Exploits4
exploitdb
exploitdb
added 2023/07/20 12:0 a.m.367 views

pfSense v2.7.0 - OS Command Injection

Exploit Title: pfSense v2.7.0 - OS Command Injection Exploit Author: Emir Polat CVE-ID : CVE-2023-27253 class MetasploitModule 'pfSense Restore RRD Data Command Injection', 'Description' = %q This module exploits an authenticated command injection vulnerabilty in the "restorerrddata" function of...

8.8CVSS9.2AI score0.90655EPSS
Exploits4
rapid7blog
rapid7blog
added 2023/07/14 7:48 p.m.62 views

Metasploit Weekly Wrap-Up

Authentication bypass in Wordpress Plugin WooCommerce Payments This week's Metasploit release includes a module for CVE-2023-28121 by h00die. This module can be used against any wordpress instance that uses WooCommerce payments 5.6.1. This module exploits an auth by-pass vulnerability in the...

10CVSS8.2AI score0.90655EPSS
Exploits20
metasploit
metasploit
added 2023/07/12 7:51 p.m.521 views

pfSense Restore RRD Data Command Injection

This module exploits an authenticated command injection vulnerabilty in the "restorerrddata" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup & Restore" privilege to execute arbitrary operating system commands as the "root"...

8.8CVSS9.6AI score0.90655EPSS
Exploits4
circl
circl
added 2023/03/18 1:31 a.m.13 views

CVE-2023-27253

creationtimestamp| type| source ---|---|--- 2023-03-18 01:31:52+00:00| seen| https://t.me/cibsecurity/60279 2023-07-12 18:53:26+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pfsenseconfigdataexec.rb 2025-02-06 03:13:45+00:00| seen|...

8.8CVSS8.6AI score0.90655EPSS
Exploits4References3
nvd
nvd
added 2023/03/17 10:15 p.m.47 views

CVE-2023-27253

A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...

8.8CVSS9AI score0.90655EPSS
Exploits4References3
cvelist
cvelist
added 2023/03/17 12:0 a.m.50 views

CVE-2023-27253

A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...

9.2AI score0.90655EPSS
Exploits4References3
vulnrichment
vulnrichment
added 2023/03/17 12:0 a.m.14 views

CVE-2023-27253

A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...

9AI score0.90655EPSS
Exploits4References3
osv
osv
added 2023/03/17 12:0 a.m.24 views

CVE-2023-27253

A command injection vulnerability in the function restorerrddata of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml...

8.8CVSS8.2AI score0.90655EPSS
Exploits4References5
cve
cve
added 2023/03/17 12:0 a.m.111 views

CVE-2023-27253

pfSense pfSense v2.7.0 is affected by CVE-2023-27253 through a command injection in restore_rrddata() that lets an authenticated user cause arbitrary OS commands by altering the contents of config.xml. Affected component is the restore_rrddata() function; the vulnerability is exploited via crafte...

8.8CVSS8.9AI score0.90655EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder