Lucene search
K

4 matches found

Rapid7 Blog
Rapid7 Blog
added 2024/09/06 5:56 p.m.6 views

Metasploit Weekly Wrap-Up 09/06/2024

Honey, I shrunk the PHP payloads This release contains more PHP payload improvements from Julien Voisin. Last week we landed a PR from Julien that added a datastore option to the php/base64 encoder that when enabled, will use zlib to compress the payload which significantly reduced the size,...

7.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2024/07/01 12:0 a.m.156 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

9.8CVSS8.6AI score0.99813EPSS
In wildExploits26References6
0day.today
0day.today
added 2024/04/01 12:0 a.m.287 views

WatchGuard XTM Firebox Unauthenticated Remote Command Execution Exploit

This Metasploit module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This...

9.8CVSS10AI score0.78303EPSS
Exploits6
0day.today
0day.today
added 2023/09/21 12:0 a.m.544 views

TOTOLINK Wireless Routers Remote Command Execution Exploit

Multiple TOTOLINK network products contain a command injection vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the command parameter. After exploitation, an attacker will have full access with the same user privileges under...

9.8CVSS8.2AI score0.25889EPSS
Exploits4
Rows per page
Query Builder