Lucene search

907 matches found

exploitpack
added 2017/12/27 12:0 a.m., 16 views

DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit)

DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download Metasploit Exploit Title: DotNetNuke DreamSlider Arbitrary File Download Date: 23/01/2014 Author: Glafkos Charalambous Version: 01.01.02 Vendor: DreamSlider Vendor URL: http://www.dreamslider.com/ Google Dork:...

7.4 AI score
Exploits: 0

Packet Storm
added 2017/12/27 12:0 a.m., 42 views

DotNetNuke DreamSlider 01.01.02 Arbitrary File Download

Exploit Title: DotNetNuke DreamSlider Arbitrary File Download Date: 23/01/2014 Author: Glafkos Charalambous Version: 01.01.02 Vendor: DreamSlider Vendor URL: http://www.dreamslider.com/ Google Dork: inurl:/DesktopModules/DreamSlider/ CVE: Description DotNetNuke DreamSlider Module prior to version...

7.4 AI score
Exploits: 0

0day.today
added 2017/12/19 12:0 a.m., 163 views

Jenkins XStream Groovy classpath Deserialization Exploit

This Metasploit module exploits CVE-2016-0792, a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath, which allows remote arbitrary code execution. The issue affects default...

9 CVSS, 8.9 AI score, 0.90556 EPSS
Exploits: 23

Packet Storm
added 2017/11/28 12:0 a.m., 52 views

pfSense 2.3.1_1 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense authenticated group member RCE', 'Description' = %q pfSense, a free BSD based open source firewall distribution, version 's4squatch',...

7.4 AI score
Exploits: 0

RedhatCVE
added 2017/11/21 11:21 a.m., 24 views

CVE-2017-1000396

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins...

5.9 CVSS, 2.8 AI score, 0.01248 EPSS
Exploits: 0, References: 2

Packet Storm
added 2017/11/14 12:0 a.m., 44 views

D-Link DIR-850L Unauthenticated Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'DIR-850L Unauthenticated OS Command Exec', 'Description' = %q This module leverages an unauthenticated credential disclosure...

7.1 AI score
Exploits: 0

CNVD
added 2017/11/03 12:0 a.m., 2 views

Unspecified Vulnerability in Apache HttpClient

Apache HttpClient is a client-side HTTP programming toolkit from the Apache Software Foundation (United States) that provides efficient support for the HTTP protocol. A security vulnerability exists in the http/impl/client/HttpClientBuilder.java file in version 4.3.x of Apache HttpClient prior to 4.3.1...

9.8 CVSS, 6.9 AI score, 0.0129 EPSS
Exploits: 0, References: 1

OSV
added 2017/10/30 7:29 p.m., 3 views

DEBIAN-CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.8 CVSS, 7.3 AI score, 0.0129 EPSS
Exploits: 0, References: 1

OSV
added 2017/10/30 7:29 p.m., 0 views

UBUNTU-CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.8 CVSS, 7.2 AI score, 0.0129 EPSS
Exploits: 0, References: 4

OSV
added 2017/10/30 7:29 p.m., 10 views

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.8 CVSS, 9.6 AI score
Exploits: 0, References: 5

Prion
added 2017/10/30 7:29 p.m., 12 views

Design/Logic Flaw

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

7.5 CVSS, 7.2 AI score, 0.0129 EPSS
Exploits: 0, References: 2, Affected Software: 1

UbuntuCve
added 2017/10/30 7:29 p.m., 24 views

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.8 CVSS, 7.2 AI score, 0.0129 EPSS
Exploits: 0, References: 3

NVD
added 2017/10/30 7:29 p.m., 14 views

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.8 CVSS, 9.6 AI score, 0.0129 EPSS
Exploits: 0, References: 2

CVE
added 2017/10/30 7:0 p.m., 89 views

CVE-2013-4366

CVE-2013-4366 concerns http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1, where the code does not ensure that the X509HostnameVerifier is non-null. This can allow attackers to trigger unspecified impact via vectors involving hostname verification. Connected documents...

9.8 CVSS, 9.4 AI score, 0.0129 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/10/30 7:0 p.m., 16 views

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.6 AI score, 0.0129 EPSS
Exploits: 0, References: 2

Debian CVE
added 2017/10/30 7:0 p.m., 34 views

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.8 CVSS, 8.9 AI score, 0.0129 EPSS
Exploits: 0

Packet Storm
added 2017/10/25 12:0 a.m., 40 views

Netgear DGN1000 Setup.cgi Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear DGN1000 Setup.cgi Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated OS command execution vulnerability in...

7.1 AI score
Exploits: 0

Metasploit
added 2017/10/19 1:37 a.m., 30 views

Netgear DGN1000 Setup.cgi Unauthenticated RCE

This module exploits an unauthenticated OS command execution vulnerability in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and DGN2000v1 models. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5 AI score
Exploits: 0

Packet Storm
added 2017/09/29 12:0 a.m., 53 views

LAquis SCADA 4.1.0.2385 Directory Traversal

require 'msf/core' class MetasploitModule 'LAquis SCADA Web Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal vulnerability found in the LAquis SCADA application. The vulnerability is triggered when sending a series of dot dot slashe...

0.06683 EPSS
Exploits: 4

0day.today
added 2017/09/28 12:0 a.m., 51 views

LAquis SCADA 4.1.0.2385 - Directory Traversal Exploit

Exploit for multiple platform in category remote exploits require 'msf/core' class MetasploitModule 'LAquis SCADA Web Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal vulnerability found in the LAquis SCADA application. The...

5.8 AI score, 0.06683 EPSS
Exploits: 4