A message header injection vulnerability in Apache Camel allows unauthenticated remote attackers to execute OS system commands.
Enhance identity management in exploits. * Linked created identities in the Module Output: Added a reference to the created identity in the Module Output. * Added Validated and Validated in properties to identities: Ensured that created identities include Validated=True and are associated with the target (Validated in) where they were verified.
Ivanti Connect Secure contains a stack-based buffer overflow that allows unauthenticated remote attackers to execute system commands in the context of the nr user.
An SQL injection vulnerability in F5 BIG-IP Next Central Manager may allow unauthenticated remote attackers to bypass authentication in the target application.
The CVE-2024-24401 vulnerability in Nagios XI version 2024R1.01 allows a remote attacker to execute arbitrary code through an SQL injection in the monitoringwizard.php component. Successful exploitation of this vulnerability can compromise the confidentiality, integrity, and availability of the affected system. The CVE-2024-24402 vulnerability affects Nagios XI version 2024R1.01, enabling a remote attacker to escalate privileges via a crafted script targeting the /usr/local/nagios/bin/npcd component. This flaw could allow unauthorized attackers to gain elevated privileges on affected systems, compromising the integrity and security of the Nagios XI monitoring system and connected infrastructure.
This module exploits CVE-2024-5910 to reset the password of the admin. For doing this, it will craft a special request to the endpoint /OS/startup/restore/restoreAdmin.php. After getting the admin password, it will authenticate with the admin credentials and it will exploit CVE-2024-9464 in order to deploy an agent. The exploitation of CVE-2024-9464 consists in crafting a special request to the endpoint /bin/CronJobs.php. As an authenticated user we can abuse this endpoint for inserting commands in the table cronjobs from pandb. After inserting the command into this table, the target will execute it.
CVE-2023-43208 stems from an insecure data deserialization process in Mirth Connect's use of the XStream library, which improperly processes untrusted XML payloads.This deserialization flaw enables us to exploit the system by sending crafted XML requests to execute code remotely on the server.
A chain of vulnerabilities in cups-browsed, libcupsfilters, libppd and cups-filters allows unauthenticated remote attackers to execute system commands.
In GeoServer prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to all GeoServer instances. In order to exploit this vulnerability, this module sends an evil XPath expression that after being processed by the commons-jxpath library allows us to deploy an agent.
This module exploits an issue in GitLab CE/EE that allows sending reset emails to an unverified email address. In order to takeover the account, the module will exploit the vulnerability adding the attacker's email to the JSON from /users/password endpoint, then it will connect via IMAP to the attacker's email, parse the reset email and change the password. All versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 are affected.