Lucene search
K

97 matches found

Rapid7 Blog
Rapid7 Blog
added 2026/06/19 5:8 p.m.6 views

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlmrelay2self module coerces the local machine account to authenticate via...

10CVSS6.8AI score0.01972EPSS
Exploits11
Metasploit
Metasploit
added 2026/06/16 7:2 p.m.148 views

Xerte Online Toolkits Arbitrary File Upload - Unauthenticated Media Upload

This module bypasses authentication failure, extension blacklist, and path traversal vulnerabilities in the /editor/elfinder/php/connector.php endpoint to upload and execute a shell in Xerte Online Toolkits versions 3.15 commit 4e40f8030a2e3267267db7ce03e0ff57270be6f5 as there's no patch versions...

5.6AI score
Exploits0
Circl
Circl
added 2026/06/16 3:57 p.m.6 views

CVE-2026-41459

creationtimestamp| type| source ---|---|--- 2026-06-16 15:57:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/xerteunauthenticatedmediaupload.rb...

6.9CVSS5AI score0.00801EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/25 1:22 a.m.12 views

CVE-2026-34414

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS6.4AI score0.02826EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/25 1:22 a.m.11 views

CVE-2026-34415

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS5.8AI score0.03575EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/23 8:38 p.m.5 views

CVE-2026-41459

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...

6.9CVSS5.8AI score0.00801EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/23 7:58 p.m.9 views

CVE-2026-34413

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS6.6AI score0.02804EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/22 9:32 p.m.8 views

EUVD-2026-25068

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS6.3AI score0.02826EPSS
Exploits1References8
EUVD
EUVD
added 2026/04/22 9:32 p.m.6 views

EUVD-2026-25069

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS6AI score0.03575EPSS
Exploits1References8
EUVD
EUVD
added 2026/04/22 9:32 p.m.11 views

EUVD-2026-25073

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...

6.9CVSS5.8AI score0.00801EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/22 9:32 p.m.13 views

EUVD-2026-25067

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS6.6AI score0.02804EPSS
Exploits1References8
NVD
NVD
added 2026/04/22 7:17 p.m.5 views

CVE-2026-41459

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...

6.9CVSS0.00801EPSS
Exploits1References6
NVD
NVD
added 2026/04/22 7:17 p.m.5 views

CVE-2026-34415

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS0.03575EPSS
Exploits1References8
NVD
NVD
added 2026/04/22 7:17 p.m.12 views

CVE-2026-34413

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS0.02804EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/04/22 6:33 p.m.3 views

CVE-2026-34413

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS6.6AI score0.02804EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/04/22 6:33 p.m.30 views

CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS0.02804EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/04/22 6:33 p.m.5 views

CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php

Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit or die, allowing PHP execution to continue and process the...

8.8CVSS6.6AI score0.02804EPSS
Exploits1References8
CVE
CVE
added 2026/04/22 6:33 p.m.14 views

CVE-2026-34413

Xerte Online Toolkits 3.15 and earlier suffer a missing authentication vulnerability in the elFinder connector endpoint /editor/elfinder/php/connector.php. An HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the full request se...

8.8CVSS6.6AI score0.02804EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/04/22 6:33 p.m.5 views

CVE-2026-34415 Xerte Online Toolkits File Upload RCE via elfinder Connector

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS6AI score0.03575EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/04/22 6:33 p.m.29 views

CVE-2026-34415 Xerte Online Toolkits File Upload RCE via elfinder Connector

Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...

9.8CVSS0.03575EPSS
Exploits1References8
Rows per page
Query Builder