A SQL injection vulnerability in Fortra FileCatalyst Workflow versions 5.1.6 build 135 and earlier allows remote attackers, including anonymous ones, to exploit a SQL injection via the JOBID parameter. This could lead to unauthorized SQL commands execution such as table deletion or admin user creation. This module without authentication creates an administrative user, proceeds to authenticate with this newly created user to assess if the system is vulnerable. This module does not install an agent but instead creates an administrator user for FileCatalyst.s
An authenticated user can exploit a command injection vulnerability in the web components of Ivanti Connect Secure (9.x and 22.x) to execute arbitrary commands. This module exploits two vulnerabilities. First, it leverages the lack of authentication in "/api/v1/totp/user-backup-code", allowing unauthenticated access and path traversal. Then, it uses this vulnerability to access the system and execute remote commands in "/api/v1/license/key-status/path:node_name". The deployed agent will run with ROOT privileges.
A directory traversal vulnerability in the WebResourceServiceImpl class of org.sonatype.nexus.internal.webresources allows unauthenticated remote attackers to download any file, including system files outside of Sonatype Nexus Repository Manager application scope. This module exploits the directory traversal to download the file specified in the "FILE PATH" parameter and to save it locally in the location specified in the "OUTPUT PATH" parameter.
This module uses a server side template injection vulnerability in CrushFTP to check if the target is vulnerable to CVE-2024-4040 . If the target is vulnerable, the module will download the specified file and log several server variables.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the handleRequestInternal method of the BaseController class which allows bypass of authentication in HTTP requests with a path that return a 404 response and that contain an HTTP parameter named jsp. The path must end with the ".jsp" string and cannot contain the "admin/" string.
This module exploits an OS Command Injection to deploy an agent in Jetbrains TeamCity. The vulnerability is in the handleRequestInternal method of the BaseController class which allows bypass of authentication in HTTP requests with a path that return a 404 response and that contain an HTTP parameter named jsp. The path must end with the ".jsp" string and cannot contain the "admin/" string.
This vulnerability allows unauthenticated attackers to read arbitrary files on the Jenkins controller file system by exploiting a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents. This could expose sensitive information and compromise the integrity of the system. This exploit does not install any agent.
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Wordpress POST SMPT Plugin is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Pagination
- Previous page
- Page 7
- Next page