Lucene search
+L

7 matches found

rapid7blog
rapid7blog
added 2024/04/12 5:47 p.m.33 views

Metasploit Weekly Wrap-Up 04/12/24

Account Takeover using Shadow Credentials The new release of Metasploit Framework includes a Shadow Credentials module added by smashery used for reliably taking over an Active Directory user account or computer, and letting future authentication to happen as that account. This can be chained wit...

7.8AI score0.5132EPSS
Exploits8
circl
circl
added 2024/04/05 2:39 p.m.44 views

CVE-2024-24725

creationtimestamp| type| source ---|---|--- 2024-04-05 14:39:59+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gibbonauthrcecve202424725.rb 2024-04-07 23:07:24+00:00| seen| https://t.me/arpsyndicate/4387 2025-02-06 03:13:46+00:00| seen|...

8.8CVSS8.1AI score0.5132EPSS
Exploits7References2
packetstorm
packetstorm
added 2024/04/05 12:0 a.m.495 views

Gibbon School Platform 26.0.00 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gibbon School Platform Authenticated PHP Deserialization Vulnerability', 'Description' = %q A Remote Code Execution vulnerability in Gibbon onlin...

6.8AI score0.5132EPSS
Exploits7
cve
cve
added 2024/03/23 12:0 a.m.127 views

CVE-2024-24725

Gibbon CVE-2024-24725 affects Gibbon up to version 26.0.00 and earlier, enabling remote authenticated PHP deserialization via columnOrder in a POST to modules/System Admin/import_run.php&type=externalAssessment&step=4. Metasploit’s gibbon_auth_rce_cve_2024_24725 module documents this as a Remote ...

8.8CVSS6.4AI score0.5132EPSS
Exploits7References2Affected Software1
packetstorm
packetstorm
added 2024/03/19 12:0 a.m.293 views

Gibbon LMS 26.0.00 PHP Deserialization / Code Execution

Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Date: 22.01.2024 Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00...

7.4AI score0.5132EPSS
Exploits7
exploitdb
exploitdb
added 2024/03/18 12:0 a.m.372 views

Gibbon LMS < v26.0.00 - Authenticated RCE

Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Date: 22.01.2024 Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00...

8.8CVSS6.6AI score0.5132EPSS
Exploits7
zdt
zdt
added 2024/03/18 12:0 a.m.400 views

Gibbon LMS < v26.0.00 - Authenticated Remote Code Execution Exploit

Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00 Tested on: Ubuntu...

8.8CVSS8.8AI score0.5132EPSS
Exploits7
Rows per page
Query Builder