214 matches found

0day.today
added 2022/10/05 12:00 a.m., 956 views

Remote Mouse 4.110 Remote Code Execution Exploit

This Metasploit module utilizes the Remote Mouse Server by Emote Interactive protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 4.110, current at the time of module writing. This module...

CVSS 9.8, AI score 0.1, EPSS 0.526
Exploits: 3

0day.today
added 2022/09/28 12:00 a.m., 2011 views

Mobile Mouse 3.6.0.4 Remote Code Execution Exploit

This Metasploit module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 3.6.0.4, the current version at the time of module...

Exploits: 0

vulnersOsv
added 2022/05/17 4:31 a.m., 0 views

com.nesscomputing.components:ness-event-server (>=1.0.0 <=1.1.1), com.nesscomputing.components:ness-httpserver (>=1.0.0 <=2.3.4) +37 more potentially affected by CVE-2014-0168 via org.jolokia:jolokia-core (>=1.0.0 <=1.2.0)

org.jolokia:jolokia-core MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =5.8.0-NESS-1, =1.0.0, =1.4.1, =1.0.0, =1.0.0, =1.2.0, =1.1, =1.1.0.Beta1, =1.1.0.Beta4 and more Source cves: CVE-2014-0168 Source advisory: OSV:GHSA-FJHW-8222-G2HG...

CVSS 6.8, AI score 7.2, EPSS 0.00124
Exploits: 1

Github Security Blog
added 2022/02/10 8:24 p.m., 32 views

Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...

CVSS 7.5, AI score 7.2, EPSS 0.00331
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2022/02/10 8:24 p.m., 12 views

GHSA-HP5X-RQF7-43VF Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor Netty

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...

CVSS 7.5, AI score 7.4, EPSS 0.00331
Exploits: 0, References: 2

Metasploit
added 2021/10/28 5:51 p.m., 45 views

Browse the session filesystem in a Web Browser

This module allows you to browse the session filesystem via a local browser window. Module Options msf use post/multi/manage/fileshare msf postfileshare show actions ...actions... msf postfileshare set ACTION msf postfileshare show options ...show and set options... msf postfileshare run This...

AI score 6.9
Exploits: 0

GithubExploit
added 2021/01/22 5:37 a.m., 281 views

Exploit for CVE-2021-2109

Description Vulnerability in the Oracle WebLogic Server prod...

CVSS 7.2, AI score 7, EPSS 0.91726
Exploits: 7

Exploit DB
added 2021/01/22 12:00 a.m., 260 views

Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - 'addr' Remote Code Execution Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com !/bin/bash Selea Targa IP OCR-ANPR Camera Unauthenticated Remote Code Execution Vendor: Selea s.r.l. Product web page:...

AI score 7.4
Exploits: 0

Exploit DB
added 2021/01/22 12:00 a.m., 133 views

Selea Targa IP OCR-ANPR Camera - Multiple SSRF (Unauthenticated)

Exploit Title: Selea Targa IP OCR-ANPR Camera - Multiple SSRF Unauthenticated Date: 07.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea Targa IP OCR-ANPR Camera Unauthenticated SSRF Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: Model...

AI score 7.4
Exploits: 0

0day.today
added 2020/08/15 12:00 a.m., 291 views

Safari Webkit For iOS 7.1.2 JIT Optimization Bug Exploit

This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit CVE-2016-4669 that obtains kernel rw, obtains root and disables code signing. Finally we...

CVSS 8.8, AI score 0.1, EPSS 0.38907
Exploits: 5

Veracode
added 2020/05/21 3:40 a.m., 21 views

CRLF Injection

OpenJDK is vulnerable to carriage-return line-feed CRLF injection. The vulnerability exists through HTTP headers in HttpServer...

CVSS 4.8, AI score 1.4, EPSS 0.00606
Exploits: 0, References: 19, Affected Software: 6

RedHat Linux
added 2020/04/21 10:29 a.m., 3 views

OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

CVSS 5.8, AI score 7.3, EPSS 0.00606
Exploits: 0, References: 4

Packet Storm
added 2020/03/05 12:00 a.m., 225 views

Google Chrome 80 JSCreate Side-Effect Type Confusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 80 JSCreate side-effect type confusion exploit', 'Description' = %q This module exploits an issue in Google Chrome 80.0.3987.87 64...

CVSS 4.3, EPSS 0.87146
Exploits: 6

OSV
added 2020/03/03 7:15 p.m., 10 views

CVE-2020-5403

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...

CVSS 7.5, AI score 6.7, EPSS 0.00331
Exploits: 0, References: 1

NVD
added 2020/03/03 7:15 p.m., 7 views

CVE-2020-5403

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...

CVSS 7.5, AI score 6.6, EPSS 0.00331
Exploits: 0, References: 1

Prion
added 2020/03/03 7:15 p.m., 10 views

Code injection

Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response...

CVSS 5, AI score 7.4, EPSS 0.00331
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2020/03/03 6:25 p.m., 68 views

CVE-2020-5403

CVE-2020-5403 affects Reactor Netty HttpServer, specifically versions 0.9.3 and 0.9.4. The root cause is a URI syntax handling flaw that causes the connection to close prematurely due to a URISyntaxException, instead of returning a 400 Bad Request. This behavior can enable a DoS via malformed UR...

CVSS 7.5, AI score 6.8, EPSS 0.00331
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2020/03/03 12:00 a.m., 5 views

PT-2020-18459 · Reactor Netty · Reactor Netty Http Server

Name of the Vulnerable Software and Affected Versions: Reactor Netty HttpServer versions 0.9.3 through 0.9.4 Description: The issue is related to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. Recommendations: For versions 0.9.3 and...

CVSS 7.5, AI score 6.3, EPSS 0.00331
Exploits: 0, References: 5

Prion
added 2019/12/31 8:15 p.m., 8 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...

CVSS 4.3, AI score 6, EPSS 0.00581
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2019/12/31 8:15 p.m., 15 views

Cross site request forgery (csrf)

The handle_request function in lib/HTTPServer.pm in Monitorix before 3.3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the URI...

CVSS 10, AI score 8.1, EPSS 0.04627
Exploits: 1, References: 3, Affected Software: 1