Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Exploit DB
Exploit DBadded 2015/03/16 12:0 a.m.300 views

ElasticSearch - Search Groovy Sandbox Bypass (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ElasticSearch Search Groovy Sandbox Bypass', 'Description' = %q This module exploits a remote command execution RCE vulnerability in...

9.8CVSS9.8AI score0.92326EPSS
Exploits19
0day.today
0day.todayadded 2015/03/12 12:0 a.m.375 views

ElasticSearch Search Groovy Sandbox Bypass Exploit

This Metasploit module exploits a remote command execution RCE vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.4.3. The bug is found in the REST API, which does not require authentication, where the search function allows groovy code execution and its sandbox ca...

7.5CVSS0.5AI score0.92326EPSS
Exploits19
Metasploit
Metasploitadded 2015/03/10 4:4 a.m.384 views

ElasticSearch Search Groovy Sandbox Bypass

This module exploits a remote command execution RCE vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.4.3. The bug is found in the REST API, which does not require authentication, where the search function allows groovy code execution and its sandbox can be bypass...

9.8CVSS10AI score0.92326EPSS
Exploits19
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.14 views

ElasticSearch Dynamic Script Arbitrary Java Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...

7.1AI score
Exploits0
0day.today
0day.todayadded 2013/12/24 12:0 a.m.89 views

Zimbra Collaboration Server LFI Vulnerability

This Metasploit module exploits a local file inclusion on Zimbra 8.0.2 and 7.2.2. The vulnerability allows an attacker to get the LDAP credentials from the localconfig.xml file. The stolen credentials allow the attacker to make requests to the service/admin/soap API. This can then be used to crea...

5CVSS9.6AI score0.92406EPSS
Exploits7
Packet Storm
Packet Stormadded 2013/12/23 12:0 a.m.49 views

Zimbra Collaboration Server LFI

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 'Zimbra Collaboration Server LFI', 'Description' = %q This module exploits a local file inclusion on Zimbra...

5CVSS9.5AI score0.92406EPSS
Exploits7
Rows per page
Query Builder