This Metasploit module exploits an authentication bypass vulnerability in Meteocontrol WEBLog appliances (software version < May 2016 release) to extract Administrator password for the device management portal.
d93c088abc0e3aba59a5a03a43b8b57830fee0e8f25c25fecb18e0546ee066f7This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope to retrieve an arbitrary file from the remote server. It is accomplished by calling the getFileInternal operation available through the APISiteScopeImpl AXIS service. This Metasploit module has been successfully tested on HP SiteScope 11.20 over Windows 2003 SP2 and Linux Centos 6.3.
ac2a6c8b7ee1032f4592faca207812805ca78af0323e9f167ee599f82c2b95f3This Metasploit module exploits an authentication bypass vulnerability in SAP NetWeaver CTC service. The service is vulnerable to verb tampering allowing for unauthorised OS user management. Information about resolution should be available at SAP notes 1589525 and 1624450 (authentication required).
93f676088b4bc7377e1f0804692d7f6fbe7d6fe554f223e42bf5907a14bb549dThis Metasploit module identifies IPMI 2.0-compatible systems that are vulnerable to an authentication bypass vulnerability through the use of cipher zero.
26e9ad81107fc09e95e82be07f34c04f0ca67ba5b75765817108fcc2774346dfThis Metasploit module exploits an authentication bypass vulnerability in DIR 645 < v1.03. With this vulnerability you are able to extract the password for the remote management.
7fe8b8b74336f5dc7dd1fec74d9b8ce3315a1065aebd43f4c022aa9e9817bb7bThis Metasploit module exploits an authentication bypass vulnerability in different Netgear devices. It allows you to extract the password for the remote management interface.
6ec21b301158f8e8563ec1fe1e9c6b675e162a88cdc41ce6a56f70fa586ab250This Metasploit module exploits an authentication bypass vulnerability in D-Link DSL 320B less than or equal tov1.23. This vulnerability allows to extract the credentials for the remote management interface.
46b12d46c687aab16789fe43c6f1a2ff95ae781adbba6ee2c13bae048f23ea0cThis Metasploit module targets an authentication bypass vulnerability in the mini_http binary of several Netgear Routers running firmware versions prior to 1.2.0.88, 1.0.1.80, 1.1.0.110, and 1.1.0.84. The vulnerability allows unauthenticated attackers to reveal the password for the admin user that is used to log into the routers administrative portal, in plaintext. Once the password has been been obtained, the exploit enables telnet on the target router and then utiltizes the auxiliary/scanner/telnet/telnet_login module to log into the router using the stolen credentials of the admin user. This will result in the attacker obtaining a new telnet session as the "root" user. This vulnerability was discovered and exploited by an independent security researcher who reported it to SSD.
b64800ebe35ccd348243151eddc846891e371e499d5629a34a60850c0cbe7c61This Metasploit module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32).
6863a81671e2c9181fc762b376462302051ea799490c07fe8f165bc20e6d3514This Metasploit module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32).
16474ed0f873351c852148c57a073ca86fa3cdb0b63dfb8b35602ac09c210c32This Metasploit module exploits CVE-2024-5806, an authentication bypass vulnerability in the MOVEit Transfer SFTP service. The following version are affected: * MOVEit Transfer 2023.0.x (Fixed in 2023.0.11) * MOVEit Transfer 2023.1.x (Fixed in 2023.1.6) * MOVEit Transfer 2024.0.x (Fixed in 2024.0.2) The module can establish an authenticated SFTP session for a MOVEit Transfer user. The module allows for both listing the contents of a directory, and the reading of an arbitrary file.
e42c18fe2ecf06ede012b90f30e4d6c190c704e7d0189584fe141737a2f2eeabThis Metasploit module will extract Domain Controller credentials from vulnerable installations of HP SNAC as distributed with HP ProCurve 4.00 and 3.20. The authentication bypass vulnerability has been used to exploit remote file uploads. This vulnerability can be used to gather important information handled by the vulnerable application, like plain text domain controller credentials. This Metasploit module has been tested successfully with HP SNAC included with ProCurve Manager 4.0.
aed454bc14ce73f32076d32a64079806c8be0da490907a6f04fd8ad00e038838This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.
d84c00616d548716b9414d5a60ebf17fd0c1065bb413ce49d1a747e954c01fc0Red Hat Security Advisory 2024-5982-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a bypass vulnerability.
dea1c5df22b38b677801b6ea524c8a48a81a0f3f2ae4e8d30dd88d017d8b57a9Red Hat Security Advisory 2024-5980-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.
ac70b27d0174b640b0084de261db2ac80e0a082b60086fd3fed81943b2c9a0b1Medical Center Portal version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
4d30a67a0ab94c8ceed55ef0165e2eedf1d276131b5341cfc581bf2954c04b02Red Hat Security Advisory 2024-5815-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.
569f61780dc9652437da28a87851c83315d45be578fe00cbe44247b6034288abLogin System Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6246efe507f796ffbcf438b89a4e64415367c7c634bcb20d80f59a253f813619Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ed75910910f3f594bf680ca801e599334e60fa3ca166470f03bfa31c27d4c6c4Employee Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
48f74abd4ae2b0a4eefcbc41869e56c73b5b26ad8ea6f55bc7ef2939ebb312a7DETS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8e871e7f49c2379860d7b67c7b6819a9dfb93577e9139f8863c582714f30982aCompany Visitor Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a3ae790e1f332d8ff787915e2feb853d7c3e614aeaea67361861ea7d18bb27dfClient Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
25d183ad1ab808d8eb37c605403875c32f55a1eb9742ca2f0a1e77e0b7ce0951CCMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
de9151d5ff302677fb5da77053693b392b8644cb6845abb56a920fd62a7f579cBiobook Social Networking Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fa0e4caf860abda8bbabc5103e38c78e393907f876e4a4b9d5dd3cb7513396cf
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed