Showing 1 - 6 of 6

Files Date: 2019-08-23 to 2019-08-24

Exim 4.91 Local Privilege Escalation: Posted Aug 23, 2019; Authored by Marco Ivaldi, Dennis Herrmann, Guillaume Andre, Qualys | Site metasploit.com; This Metasploit module exploits a flaw in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to command execution with root privileges.; tags | exploit, root; advisories | CVE-2019-10149; SHA-256 | 7b1fe00dfa2c9cc882752b38e5a6e0f2df1617a466c97478e2257a3f314a59fd; Download | Favorite | View

Webmin 1.920 password_change.cgi Backdoor: Posted Aug 23, 2019; Authored by wvu | Site metasploit.com; This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 release, and in July 2018, reintroducing the backdoor in releases 1.900 through 1.920. Only version 1.890 is exploitable in the default install. Later affected versions require the expired password changing feature to be enabled.; tags | exploit, perl; advisories | CVE-2019-15107; SHA-256 | a77b36da3b341bc12695770cadbf155d839a3d53526172e82c4c2022be857299; Download | Favorite | View

CoreFTP Server MDTM Directory Traversal: Posted Aug 23, 2019; Authored by Kevin Randall | Site metasploit.com; An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and the last modified date.; tags | exploit, remote, root, file inclusion; advisories | CVE-2019-9649; SHA-256 | 02a55797ad317b26e2c3f852933ef7c93cfeefe8fa481fb85daa30044a0ac1f7; Download | Favorite | View

Nimble Streamer 3.x Directory Traversal: Posted Aug 23, 2019; Authored by MaYaSeVeN; Nimble Stream versions 3.0.2-2 up to 3.5.4.9 suffer from a directory traversal vulnerability.; tags | exploit, file inclusion; advisories | CVE-2019-11013; SHA-256 | d4e2eef4ec2a68327bca6670f26198fa08d3b398340ddedb3a57f6a605b92afe; Download | Favorite | View

WordPress Import Export WordPress Users 1.3.1 CSV Injection: Posted Aug 23, 2019; Authored by Javier Olmedo; WordPress Import Export WordPress Users plugin version 1.3.1 suffers from a CSV injection vulnerability.; tags | exploit; advisories | CVE-2019-15092; SHA-256 | 2eb7970101409491db20486c52214cd1254e4bdb419a711ba6b82115810d9f67; Download | Favorite | View

CoreFTP Server SIZE Directory Traversal: Posted Aug 23, 2019; Authored by Kevin Randall | Site metasploit.com; An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information.; tags | exploit, file inclusion; advisories | CVE-2019-9648; SHA-256 | 55d5c601f24989f0cd87c1d30f3e4d2e24da10d2ffdf9b41b6aeffd9d3a3e8cc; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days