what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Enrique Castillo

Palo Alto Expedition 1.2.91 Remote Code Execution

Posted Nov 13, 2024

Authored by Enrique Castillo, Zach Hanley, Michael Heinzl | Site metasploit.com

This Metasploit module lets you obtain remote code execution in Palo Alto Expedition versions 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the second vulnerability, CVE-2024-9464, is an authenticated OS command injection. In a default installation, commands will get executed in the context of www-data. When credentials are provided, this module will only exploit the second vulnerability. If no credentials are provided, the module will first try to reset the admin password and then perform the OS command injection.

tags | exploit, remote, code execution

advisories | CVE-2024-24809, CVE-2024-5910

SHA-256 | df2c6c91b0ec6249f500e20b70f386982ccf89ee425960ccceff8fd524cb14ff

Download | Favorite | View

D-Link DIR605L 2.08 Denial Of Service

Posted Nov 16, 2017

Authored by Enrique Castillo

D-Link DIR605L versions 2.08 and below suffer from a denial of service vulnerability via a simple HTTP GET.

tags | exploit, web, denial of service

advisories | CVE-2017-9675

SHA-256 | 5e2db716ffb704216a68d8836c2e2f0029bc36eef29b0931c8dc4c36e24af98b

Download | Favorite | View