This Metasploit module will extract user credentials from Network Shutdown Module versions 3.21 and earlier by exploiting a vulnerability found in lib/dbtools.inc, which uses unsanitized user input inside an eval() call. Please note that in order to extract credentials, the vulnerable service must have at least one USV module (an entry in the "nodes" table in mgedb.db).
921f1cb83b71ef6bfa2aab158a543785357e309930d4aaee95e759f291ab9463
The named pipe, \SUPipeServer, can be accessed by normal users to interact with the System update service. The service makes it possible to execute arbitrary commands as SYSTEM if a valid security token is provided. This token can be generated by calling the GetSystemInfoData function in the DLL tvsutil.dll. Please note that the System Update is stopped by default but can be started/stopped by calling the executable ConfigService.exe.
a1b4e2c233f7b4436e33e4531fa6f85ed939d5f69470091600ce9b27ca87965a
TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in a Perl eval statement, which allows remote code execution.
850efe714be5e6548a264c1cce672a60aa1ae5a53559548aa9e9d66cf64f53b5
The named pipe, \IPEFSYSPCPIPE, can be accessed by normal users to interact with the iPass service. The service provides a LaunchAppSysMode command which allows arbitrary commands to be executed as SYSTEM.
1b0c49a5daa22309c31f3ebfc498ee87664cbe412bded297b0f3fac32d95a90b
This Metasploit module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images version 2.3.6. The plugin does not check the host of a provided download URL, which can be used to store and execute malicious PHP code on the system.
d111cecf145c4dabb425662dffda4d1cf8b9241d370037c752f93b57412ecb27
This Metasploit module exploits a file upload vulnerability in ManageEngine Eventlog Analyzer. The vulnerability exists in the agentUpload servlet, which accepts unauthenticated file uploads and handles zip file contents in an insecure way. By combining both weaknesses, a remote attacker can achieve remote code execution. This Metasploit module has been tested successfully on versions v7.0 - v9.9 b9002 on Windows and Linux. Versions between 7.0 and < 8.1 are only exploitable via EAR deployment in the JBoss server, while versions 8.1+ are only exploitable via a JSP upload.
7a0773137d222dd2f47bbc5c83d57f0b5cff637f5610d1a372378c64bc78f404
This Metasploit module abuses the "RunScript" procedure provided by the SOAP interface of Adobe InDesign Server to execute arbitrary vbscript (Windows) or applescript (OSX). The exploit drops the payload on the server, and the payload must be removed manually.
a474d8f16474af9f0443d62d7ed406752fc73bffa28c33ce13eddc4d8ac8e269
This Metasploit module exploits a vulnerability in lib/dbtools.inc, which uses unsanitized user input inside an eval() call. Additionally, the base64 encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable service must have at least one USV module (an entry in the "nodes" table in mgedb.db).
ca94d18543aafa961d153b779642fdaf4da2fc45b207ec0756a59de101a2cf5d
This Metasploit module can be used to execute a payload on JBoss servers that have the HTTPAdaptor's JMX Invoker exposed on the "JMXInvokerServlet". By invoking the methods provided by jboss.admin:DeploymentFileRepository, a stager is deployed to finally upload the selected payload to the target. The DeploymentFileRepository methods are only available on JBoss 4.x and 5.x.
c6b0010812e226801e4d081ec2319bf266148f85a99286b7a0ea268acccbcd45