MinIO Bootstrap Verify Information Disclosure

MinIO is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD, resulting in information disclosure. Verified...

Lucee Administrator imgProcess.cfm Arbitrary File Write

This module exploits an arbitrary file write in Lucee Administrator's imgProcess.cfm file to execute commands as the Tomcat user. Module Options msf use exploit/linux/http/luceeadminimgprocessfilewrite msf exploitluceeadminimgprocessfilewrite show targets ...targets... msf...

WordPress Plugin Creative Contact Form - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress Creative Contact Form Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the...

VUPlayer M3U Buffer Overflow

This module exploits a stack over flow in VUPlayer 'VUPlayer M3U Buffer Overflow', 'Description' = %q This module exploits a stack over flow in VUPlayer MSFLICENSE, 'Author' = 'MC' , 'References' = 'CVE', '2006-6251' , 'OSVDB', '31710' , , 'DefaultOptions' = 'EXITFUNC' = 'process',...