what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Alexander Gonzalez

Atlassian Jira Authenticated Upload Code Execution

Posted Nov 14, 2018

Authored by Alexander Gonzalez | Site metasploit.com

This Metasploit module can be used to execute a payload on Atlassian Jira via the Universal Plugin Manager(UPM). The module requires valid login credentials to an account that has access to the plugin manager. The payload is uploaded as a JAR archive containing a servlet using a POST request against the UPM component. The check command will test the validity of user supplied credentials and test for access to the plugin manager.

tags | exploit

SHA-256 | fb47812af6f170c72f706227c7635ea0efcb1f492374881294375137a6d0c137

Download | Favorite | View

EMC RecoverPoint Command Injection

Posted Feb 2, 2018

Authored by Geoffrey Janjua, Mike Erman, Alexander Gonzalez, Jack Backer | Site emc.com

EMC RecoverPoint version 5.x suffers from a command injection vulnerability.

tags | advisory

advisories | CVE-2018-1184, CVE-2018-1185

SHA-256 | 6b1050b2ca38267b3498c17f1c55292cdac22c743a228f0a16cc8ca7991c18af

Download | Favorite | View