This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin Duplicator version 1.3.24-1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.
70e1c80a4666b4d2d1a2cbdb85a7139a6ae55e39380b9790128d79bb96845537This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink versions 1.11.0 less than or equal to 1.11.2. The JobManager REST API fails to validate user-supplied log file paths, allowing retrieval of arbitrary files with the privileges of the web server user. This Metasploit module has been tested successfully on Apache Flink version 1.11.2 on Ubuntu 18.04.4.
776647522193812481f55a112c7a98a591a11cb7829c40e7841d4b5813acf9faThis Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
fab2eeb88db6a1f9b11eed6c490a6ca021dd6f8237a47b405d41bd041a36af45This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress plugin Simple JobBoard versions prior to 2.9.3 to perform an arbitrary file read with the web server privileges.
6496c8aa6342663e882ec2f4a0d63167dcd9c32f65f07c081d82e365efcf4f8dThis Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
187052df5b77471af6ad467ad2dc057df0f9c9a641dd2c9d116e4f60896dcc30WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.
6976952649b949f1c677f4557fec06bb177e699a8fe16b809dfddb9cd2ec1b25This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.
79df4302ec4ea436f7e67026dddc838b8aa4610460bb6f8baa402ecd0a91ba4dThis Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin W3 Total Cache version 0.9.2.6 through 0.9.3, allowing arbitrary file read with the web server privileges.
b1fd7066d25604160753e81eec4934df777ae2201da72af60ddf06186600cd4dThis Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress Duplicator plugin versions 1.3.24 through 1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.
4ea50cf867ab79c361dd72e12949f0f0d61e20bd60dd59c1e49252679fd3c7a8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed