what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files from Matthew Aberegg

First Active2020-02-20
Last Active2024-09-01
LimeSurvey Zip Path Traversals
Posted Sep 1, 2024
Authored by h00die, Alejandro Parodi, Matthew Aberegg, Michael Burkey, Federico Fernandez | Site metasploit.com

This Metasploit module exploits an authenticated path traversal vulnerability found in LimeSurvey versions between 4.0 and 4.1.11 with CVE-2020-11455 or less than or equal to 3.15.9 with CVE-2019-9960, inclusive. In CVE-2020-11455 the getZipFile function within the filemanager functionality allows for arbitrary file download. The file retrieved may be deleted after viewing, which was confirmed in testing. In CVE-2019-9960 the szip function within the downloadZip functionality allows for arbitrary file download. Verified against 4.1.11-200316, 3.15.0-181008, 3.9.0-180604, 3.6.0-180328, 3.0.0-171222, and 2.70.0-170921.

tags | exploit, arbitrary
advisories | CVE-2019-9960, CVE-2020-11455
SHA-256 | 9f74526757273c5edcea64339d62718ea0a109843590d25d98a39b5da99e5413
Nagios XI 5.7.3 Remote Code Execution
Posted Apr 19, 2021
Authored by Chris Lyne, Matthew Aberegg, Erik Wynter | Site metasploit.com

This Metasploit module exploits CVE-2020-5791, an OS command injection vulnerability on Nagios XI versions 5.6.0 through 5.7.3 in admin/mibs.php that enables an authenticated user with admin privileges to achieve remote code execution as either the apache user or the www-data user.

tags | exploit, remote, php, code execution
advisories | CVE-2020-5791
SHA-256 | 5f3ec659fe836f33c81a4956f9541aeece789fd3ec657e3f2f83dc70252319dc
Nagios XI 5.7.5 Cross Site Scripting
Posted Jan 21, 2021
Authored by Matthew Aberegg

Nagios XI version 5.7.5 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4febae028f2ec9906d31ce98cffc3f41e96ecccd5a3b2d4ca6eb3d9517b0d893
Pandora FMS 7.0 NG 750 SQL Injection
Posted Dec 22, 2020
Authored by Matthew Aberegg, Alex Prieto

Pandora FMS version 7.0 NG 750 suffers from a remote authenticated SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 94815c26559505298a1cb1fc0a69e0cedbaea0f40be9da21f98b28c6648ad498
Pandora FMS 7.0 NG 749 SQL Injection
Posted Nov 14, 2020
Authored by Matthew Aberegg, Alex Prieto

Pandora FMS version 7.0 NG 749 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 253dfa7a3e2d99996a09dec0b093012c662b738d84a7d09ccec7a3e7f7c02a96
Nagios XI 5.7.3 Remote Command Injection
Posted Oct 28, 2020
Authored by Chris Lyne, Matthew Aberegg

Nagios XI version 5.7.3 mibs.php remote command injection exploit.

tags | exploit, remote, php
advisories | CVE-2020-5791
SHA-256 | 6855f4caf30f9e7751d6594a73e43b55ca31b7b9ddebeacdfa7108721c29da09
Nagios XI 5.7.3 SQL Injection
Posted Oct 19, 2020
Authored by Matthew Aberegg

Nagios XI version 5.7.3 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 82b5072b097cfc9ee8e14516de519e5f967e2c631a1db0b0f42f75a586287ae2
Nagios XI 5.7.3 Cross Site Scripting
Posted Oct 19, 2020
Authored by Matthew Aberegg

Nagios XI version 5.7.3 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4fb54bf9b67120af093e8294b8bf12473e68f30bcea96459ee8225a52a579b83
LimeSurvey 4.3.10 Cross Site Scripting
Posted Aug 24, 2020
Authored by Matthew Aberegg

LimeSurvey version 4.3.10 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cad7a2d628bc94ce40dffb4a6b2b190126d7c4340fcc10dd46b615020e134487
osTicket 1.14.1 Cross Site Scripting
Posted May 27, 2020
Authored by Matthew Aberegg

osTicket version 1.14.1 has been found to be susceptible to multiple additional persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | ece38dfe0b78b4d12c78d458561067a0b97f2949cd82f199e0d6a0061f46a19d
LimeSurvey 4.1.11 Cross Site Scripting
Posted May 27, 2020
Authored by Matthew Aberegg

LimeSurvey version 4.1.11 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 30d939865abf87145843d253320e96f1e28e072f156c8b7e3c9cd97c71aed39a
LimeSurvey 4.1.11 Cross Site Scripting
Posted Apr 6, 2020
Authored by Matthew Aberegg, Michael Burkey

LimeSurvey version 4.1.11 suffers from a Survey Groups persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-11456
SHA-256 | df3e45472fe0c92c7d67f5d5dc0037bf3764a1c3defb70f0ed668401e0954839
pfSense 2.4.4-P3 User Manager Cross Site Scripting
Posted Apr 6, 2020
Authored by Matthew Aberegg

pfSense version 2.4.4-P3 suffers from a User Manager persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-11457
SHA-256 | 57226099c9505a4e67a7f8bfe20c56ced5e7cde849785f5bc51e18f02ff9ce95
LimeSurvey 4.1.11 Path Traversal
Posted Apr 3, 2020
Authored by Matthew Aberegg, Michael Burkey

LimeSurvey version 4.1.11 suffers from a File Manager path traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2020-11455
SHA-256 | bf5a0e91bdbc5c3f5a359190e6096a3b9eeab16103c3bf4d7cd42dc1a31b6492
rConfig 3.9.4 Remote Command Injection
Posted Mar 23, 2020
Authored by Matthew Aberegg, Michael Burkey

rConfig version 3.9.4 suffers from a search.crud.php remote command injection vulnerability.

tags | exploit, remote, php
SHA-256 | 46da4988737c90304318720180a381f97a3554b50c1410cead0b35bc43ad5e5d
Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write
Posted Feb 20, 2020
Authored by Matthew Aberegg, Michael Burkey, Palaczynski Jakub | Site metasploit.com

This Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given directory. To use this module with the cron exploitation method, run the exploit using the given payload, host, and port. After running the exploit, the payload will be executed within 60 seconds. Due to differences in how cron may run in certain Linux operating systems such as Ubuntu, it may be preferable to set the target to Bash Completion as the cron method may not work. If the target is set to Bash completion, start a listener using the given payload, host, and port before running the exploit. After running the exploit, the payload will be executed when a user logs into the system. For this exploitation method, bash completion must be enabled to gain code execution. This exploitation method will leave an Apache James mail object artifact in the /etc/bash_completion.d directory and the malicious user account.

tags | exploit, code execution, bash
systems | linux, ubuntu
advisories | CVE-2015-7611
SHA-256 | 38aec6cad30d28bc144df66f4ad6d698b59a52c8a529a3cc66391e571ee852c6
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close