62 matches found
Referral Beware, Your Rewards are Mine (Part 1)
The post Referral Beware, Your Rewards are Mine Part 1 appeared first on Rhino Security Labs...
CVE-2025-26147: Authenticated RCE In Denodo Scheduler
The post CVE-2025-26147: Authenticated RCE In Denodo Scheduler appeared first on Rhino Security Labs...
New Pacu Module: Secret Enumeration in Elastic Beanstalk
The post New Pacu Module: Secret Enumeration in Elastic Beanstalk appeared first on Rhino Security Labs...
NetAlertX File Read Vulnerability
This module exploits improper authentication in logs.php endpoint. An unathenticated attacker can request log file and read any file due path traversal vulnerability. Module Options msf use auxiliary/scanner/http/netalertxfileread msf auxiliarynetalertxfileread show actions ...actions... msf...
Unauthenticated RCE in NetAlertX
An attacker can update NetAlertX settings with no authentication, which results in RCE. Module Options msf use exploit/linux/http/netalertxrcecve202446506 msf exploitnetalertxrcecve202446506 show targets ...targets... msf exploitnetalertxrcecve202446506 set TARGET msf...
CVE-2025-0693: AWS IAM User Enumeration
The post CVE-2025-0693: AWS IAM User Enumeration appeared first on Rhino Security Labs...
CVE-2024-46506: Unauthenticated RCE in NetAlertx
The post CVE-2024-46506: Unauthenticated RCE in NetAlertx appeared first on Rhino Security Labs...
CVE-2024-46507: Yeti Platform Server-Side Template Injection (SSTI)
The post CVE-2024-46507: Yeti Platform Server-Side Template Injection SSTI appeared first on Rhino Security Labs...
CloudGoat Official Walkthrough Series: ‘sqs_flag_shop’
The post CloudGoat Official Walkthrough Series: ‘sqsflagshop’ appeared first on Rhino Security Labs...
CloudGoat: New Scenario and Walkthrough (sns_secrets)
The post CloudGoat: New Scenario and Walkthrough snssecrets appeared first on Rhino Security Labs...
CloudGoat Official Walkthrough Series: ‘glue_privesc’
The post CloudGoat Official Walkthrough Series: ‘glueprivesc’ appeared first on Rhino Security Labs...
Exploit for OS Command Injection in Progress Loadmaster
CVE-2024-1212 Command Injection Exploit for Kemp LoadMaster 🛡️...
Vestaboard: Exploring Broken Access Controls and Privilege Escalation
The post Vestaboard: Exploring Broken Access Controls and Privilege Escalation appeared first on Rhino Security Labs...
Flowmon Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...
Progress Flowmon 12.3.5 Local sudo Privilege Escalation Exploit
This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PH...
Progress Flowmon Local sudo privilege escalation
This module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PHP code it c...
Flowmon Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Flowmon...
Kemp LoadMaster Local sudo Privilege Escalation Exploit
This Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default bal user. As such,...
Kemp LoadMaster Unauthenticated Command Injection
This module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after vversion 7.2.48.1. The following versions are patched: 7.2.59.2 GA, 7.2.54.8 LTSF and 7.2.48.10 LTS. Module Options msf use...
Exploit for OS Command Injection in Progress Loadmaster
CVE-2024-1212 Command Injection Exploit for Kemp LoadMaster 🛡️...