
55 matches found

GithubExploit
added 5 days ago, 66 views

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploitation-Using-Metasploit-

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploit...

6.5 AI score
Exploits: 0
Tenable Nessus
added 2026/05/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-48687

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in...

9.8 CVSS, 6 AI score, 0.00527 EPSS
Exploits: 1, References: 3
Cvelist
added 2026/05/26 12:0 a.m., 32 views

CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

0.00527 EPSS
Exploits: 1, References: 3
Cvelist
added 2026/01/13 10:51 p.m., 19 views

CVE-2022-50911

...

0.00162 EPSS
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2002-2024

Malware in sbrugna...

6.4 CVSS, 6.4 AI score, 0.00622 EPSS
Exploits: 1, References: 8
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2005-0430

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.03395 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2019-6681

Malware in sbrugna...

10 CVSS, 9.2 AI score, 0.00368 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/06/09 9:11 p.m., 13 views

CVE-2025-49141 HaxCMS-PHP Command Injection Vulnerability

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The setremote function later passes this input into procopen, yielding OS...

8.5 CVSS, 0.04034 EPSS
Exploits: 1, References: 2
Github Security Blog
added 2025/06/09 8:30 p.m., 15 views

HaxCMS-PHP Command Injection Vulnerability

Summary: The 'gitImportSite' functionality obtains a URL string from a POST request and insufficiently validates user input. The 'setremote' function later passes this input into 'procopen', yielding OS command injection. Details: The vulnerability exists in the logic of the 'gitImportSite' functio...

8.8 CVSS, 8.9 AI score, 0.04034 EPSS
Exploits: 1, References: 4, Affected Software: 1
RedhatCVE
added 2025/05/22 8:29 a.m., 3 views

CVE-2019-15746

SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user...

10 CVSS, 7.4 AI score, 0.00368 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/03/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2012-2335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and...

7.5 CVSS, 8.7 AI score, 0.1652 EPSS
Exploits: 40, References: 2
Metasploit
added 2024/11/21 6:54 p.m., 555 views

ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution

This module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicio...

9.8 CVSS, 8 AI score, 0.9349 EPSS
Exploits: 4
GithubExploit
added 2024/06/24 10:48 a.m., 71 views

Exploit for OS Command Injection in Php

Incident Response Walkthrough: Mitigating a Zero-Day Attack...

9.8 CVSS, 8.6 AI score, 0.94393 EPSS
Exploits: 64
Metasploit
added 2024/05/29 7:55 p.m., 195 views

Progress Flowmon Local sudo privilege escalation

This module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it c...

10 CVSS, 8.4 AI score, 0.94353 EPSS
Exploits: 7
Huntr
added 2023/01/24 2:25 p.m., 20 views

FusionCMS (FusionGen) Takeover account - Predictable Key and Password Generation in Password Recovery Feature

Description It was discovered that the password recovery feature on the website is vulnerable to predictable key and password generation. An attacker is able to predict the key used in the password recovery process and the generated password itself by using a specific PHP command and the user's...

0.1 AI score
Exploits: 0
Rapid7 Blog
added 2022/10/28 5:45 p.m., 39 views

Metasploit Weekly Wrap-UP

GLPI htmLawed PHP Command Injection Our very own bwatters-r7 wrote a module for an unauthenticated PHP command injection vulnerability that exists in various versions of GLPI. The vulnerability is due to a third-party vendor test script being present in default installations. A POST request to...

9.9 AI score, 0.94395 EPSS
Exploits: 13
Packet Storm
added 2022/10/25 12:0 a.m., 701 views

GLPI 10.0.2 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GLPI htmLawed php command injection', 'Description' = %q This exploit takes advantage of a unauthenticated php command injection available from...

9.8 CVSS, 9.6 AI score, 0.94395 EPSS
Exploits: 13
0day.today
added 2022/06/27 12:0 a.m., 331 views

WordPress Weblizar 8.9 Plugin - Backdoor Vulnerability

Exploit Title: WordPress Plugin Weblizar 8.9 - Backdoor Google Dork: 'wp-json/am-member/license' Exploit Author: Sobhan Mahmoodi Vendor Homepage: https://weblizar.com/plugins/school-management/ Version: 8.9 Tested on: windows/linux Vulnerable code: addaction 'restapiinit', function...

0.2 AI score
Exploits: 0
GithubExploit
added 2022/01/02 7:50 a.m., 677 views

Exploit for Deserialization of Untrusted Data in Aioseo All_In_One_Seo

Admin PHP unserialization RCE in All in one SEO pack CVE-202...

9 CVSS, 9.1 AI score, 0.41776 EPSS
Exploits: 3
NVD
added 2019/10/07 12:15 p.m., 10 views

CVE-2019-15746

SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user...

10 CVSS, 9.6 AI score, 0.00368 EPSS
Exploits: 0, References: 1