17 matches found
Apache Flink JobManager Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JobManager Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Flink...
Nginx 1.20.0 - Denial of Service Exploit
Exploit Title: Nginx 1.20.0 - Denial of Service DOS Exploit Author: Mohammed Alshehri - https://Github.com/M507 Vendor Homepage: https://nginx.org/ Software Link: https://github.com/nginx/nginx/releases/tag/release-1.20.0 Version: 0.6.18 - 1.20.0 Tested on: Ubuntu 18.04.4 LTS bionic CVE:...
Apache Flink JAR Upload Java Code Execution
This module uses job functionality in Apache Flink dashboard web interface to upload and execute a JAR file, leading to remote execution of arbitrary Java code as the web server user. This module has been tested successfully on Apache Flink versions: 1.9.3 on Ubuntu 18.04.4; 1.11.2 on Ubuntu...
Apache Flink JobManager Traversal
This module exploits an unauthenticated directory traversal vulnerability in Apache Flink versions 1.11.0 use auxiliary/scanner/http/apacheflinkjobmanagertraversal msf auxiliaryapacheflinkjobmanagertraversal show actions ...actions... msf auxiliaryapacheflinkjobmanagertraversal set ACTION msf...
CMS Made Simple 2.2.14 Shell Upload
!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated)
!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting
Exploit Title: LimeSurvey 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting Date: 2020-08-23 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.3.10+200812 Tested on: Ubuntu 18.04.4 Patch Link:...
LimeSurvey 4.1.11 - (Permission Roles) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 Patch Link:...
LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting
Exploit Title: LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting Date: 05/26/2020 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 Patch Link:...
LimeSurvey 4.1.11 Cross Site Scripting
Exploit Title: LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting Date: 05/26/2020 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 Patch Link:...
Node.js third-party modules: [diskstats] Command Injection via insecure command concatenation
I would like to report a Command Injection issue in the diskstats module. It allows to execute arbitrary commands on the victim's PC. Module module name: diskstats version: 0.0.2 npm page: https://www.npmjs.com/package/diskstats Module Description This library uses df to pull disk information suc...
Node.js third-party modules: [extra-asciinema] Command Injection via insecure command formatting
I would like to report a Command Injection issue in the extra-asciinema module. It allows to execute arbitrary commands on the victim's PC. Module module name: extra-asciinema version: 1.0.5 npm page: https://www.npmjs.com/package/extra-asciinema Module Description asciinema is a terminal screen...
LimeSurvey 4.1.11 Cross Site Scripting
Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11456 Vulnerability Details...
LimeSurvey 4.1.11 - (Survey Groups) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE :...
LimeSurvey 4.1.11 - 'File Manager' Path Traversal
Exploit Title: LimeSurvey 4.1.11 - 'File Manager' Path Traversal Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11455 Vulnerability Details Description : A path...
LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting
Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11456 Vulnerability Details...
LimeSurvey 4.1.11 Path Traversal
Exploit Title: LimeSurvey 4.1.11 - 'File Manager' Path Traversal Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11455 Vulnerability Details Description : A path...