Showing 1 - 4 of 4

Files from r00t

First Active	2007-10-30
Last Active	2024-01-31

Mirth Connect 4.4.0 Remote Command Execution: Posted Jan 31, 2024; Authored by r00t, Spencer McIntyre, Naveen Sunkavally | Site metasploit.com; A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and assigned CVE-2023-37679. Later, researchers from Horizon3.ai determined the patch to be incomplete and published a gadget chain which bypassed the deny list that the original had implemented. This second vulnerability was assigned CVE-2023-43208 and was patched in Mirth Connect version 4.4.1. This Metasploit module has been tested on versions 4.1.1, 4.3.0 and 4.4.0.; tags | exploit, web; advisories | CVE-2023-37679, CVE-2023-43208; SHA-256 | c858fd93ded0a54a221c8cbb76027c1a54979c692f2f5ec5173f8b90a63ff30f; Download | Favorite | View

NetAccess IP3 Command Injection: Posted Sep 16, 2009; Authored by r00t; NetAccess IP3 suffers from a command injection vulnerability.; tags | exploit; SHA-256 | fce11ff0afb25454ee10efa70bb5080b29c7801b75050b83cf95a6ba5c816157; Download | Favorite | View

profile-upload.txt: Posted Oct 30, 2007; Authored by r00t; ProfileCMS version 1.0 suffers from a remote shell upload vulnerability.; tags | exploit, remote, shell, file upload; SHA-256 | c296f1459616acc9f2cf7271d8b4871aa941fd5223357aa0c0128269884d2c64; Download | Favorite | View

msrs-rfi.txt: Posted Oct 30, 2007; Authored by r00t; MySpace Resource Script (MSRC) version 1.21 suffers from a remote file inclusion vulnerability.; tags | exploit, remote, code execution, file inclusion; SHA-256 | 3a6be3baad413c82853a1e0a61150eacf286e74290b5c99729e01567d5923433; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days