7 matches found
Metasploit Weekly Wrap-Up 04/12/24
Account Takeover using Shadow Credentials The new release of Metasploit Framework includes a Shadow Credentials module added by smashery used for reliably taking over an Active Directory user account or computer, and letting future authentication to happen as that account. This can be chained wit...
CVE-2024-24725
creationtimestamp| type| source ---|---|--- 2024-04-05 14:39:59+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gibbonauthrcecve202424725.rb 2024-04-07 23:07:24+00:00| seen| https://t.me/arpsyndicate/4387 2025-02-06 03:13:46+00:00| seen|...
Gibbon School Platform 26.0.00 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gibbon School Platform Authenticated PHP Deserialization Vulnerability', 'Description' = %q A Remote Code Execution vulnerability in Gibbon onlin...
CVE-2024-24725
Gibbon CVE-2024-24725 affects Gibbon up to version 26.0.00 and earlier, enabling remote authenticated PHP deserialization via columnOrder in a POST to modules/System Admin/import_run.php&type=externalAssessment&step=4. Metasploit’s gibbon_auth_rce_cve_2024_24725 module documents this as a Remote ...
Gibbon LMS 26.0.00 PHP Deserialization / Code Execution
Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Date: 22.01.2024 Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00...
Gibbon LMS < v26.0.00 - Authenticated RCE
Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Date: 22.01.2024 Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00...
Gibbon LMS < v26.0.00 - Authenticated Remote Code Execution Exploit
Exploit Title: Gibbon LMS has a PHP Deserialization vulnerability on the v26.0.00 version Exploit Author: SecondX.io Research TeamAli Maharramli,Fikrat Guliev,Islam Rzayev Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00 Tested on: Ubuntu...