This Metasploit module exploits an authentication bypass vulnerability in D-Link DSL 320B less than or equal tov1.23. This vulnerability allows to extract the credentials for the remote management interface.
46b12d46c687aab16789fe43c6f1a2ff95ae781adbba6ee2c13bae048f23ea0c
This Metasploit module targets an authentication bypass vulnerability in the mini_http binary of several Netgear Routers running firmware versions prior to 1.2.0.88, 1.0.1.80, 1.1.0.110, and 1.1.0.84. The vulnerability allows unauthenticated attackers to reveal the password for the admin user that is used to log into the routers administrative portal, in plaintext. Once the password has been been obtained, the exploit enables telnet on the target router and then utiltizes the auxiliary/scanner/telnet/telnet_login module to log into the router using the stolen credentials of the admin user. This will result in the attacker obtaining a new telnet session as the "root" user. This vulnerability was discovered and exploited by an independent security researcher who reported it to SSD.
b64800ebe35ccd348243151eddc846891e371e499d5629a34a60850c0cbe7c61
This Metasploit module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32).
6863a81671e2c9181fc762b376462302051ea799490c07fe8f165bc20e6d3514
This Metasploit module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in property_box.php. This Metasploit module was tested against Oracle Secure Backup version 10.3.0.1.0 (Win32).
16474ed0f873351c852148c57a073ca86fa3cdb0b63dfb8b35602ac09c210c32
This Metasploit module exploits CVE-2024-5806, an authentication bypass vulnerability in the MOVEit Transfer SFTP service. The following version are affected: * MOVEit Transfer 2023.0.x (Fixed in 2023.0.11) * MOVEit Transfer 2023.1.x (Fixed in 2023.1.6) * MOVEit Transfer 2024.0.x (Fixed in 2024.0.2) The module can establish an authenticated SFTP session for a MOVEit Transfer user. The module allows for both listing the contents of a directory, and the reading of an arbitrary file.
e42c18fe2ecf06ede012b90f30e4d6c190c704e7d0189584fe141737a2f2eeab
This Metasploit module will extract Domain Controller credentials from vulnerable installations of HP SNAC as distributed with HP ProCurve 4.00 and 3.20. The authentication bypass vulnerability has been used to exploit remote file uploads. This vulnerability can be used to gather important information handled by the vulnerable application, like plain text domain controller credentials. This Metasploit module has been tested successfully with HP SNAC included with ProCurve Manager 4.0.
aed454bc14ce73f32076d32a64079806c8be0da490907a6f04fd8ad00e038838
This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up.
d84c00616d548716b9414d5a60ebf17fd0c1065bb413ce49d1a747e954c01fc0
Red Hat Security Advisory 2024-5982-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a bypass vulnerability.
dea1c5df22b38b677801b6ea524c8a48a81a0f3f2ae4e8d30dd88d017d8b57a9
Red Hat Security Advisory 2024-5980-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.
ac70b27d0174b640b0084de261db2ac80e0a082b60086fd3fed81943b2c9a0b1
Medical Center Portal version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
4d30a67a0ab94c8ceed55ef0165e2eedf1d276131b5341cfc581bf2954c04b02
Red Hat Security Advisory 2024-5815-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.
569f61780dc9652437da28a87851c83315d45be578fe00cbe44247b6034288ab
Login System Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
6246efe507f796ffbcf438b89a4e64415367c7c634bcb20d80f59a253f813619
Loan Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ed75910910f3f594bf680ca801e599334e60fa3ca166470f03bfa31c27d4c6c4
Employee Record Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
48f74abd4ae2b0a4eefcbc41869e56c73b5b26ad8ea6f55bc7ef2939ebb312a7
DETS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8e871e7f49c2379860d7b67c7b6819a9dfb93577e9139f8863c582714f30982a
Company Visitor Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a3ae790e1f332d8ff787915e2feb853d7c3e614aeaea67361861ea7d18bb27df
Client Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
25d183ad1ab808d8eb37c605403875c32f55a1eb9742ca2f0a1e77e0b7ce0951
CCMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
de9151d5ff302677fb5da77053693b392b8644cb6845abb56a920fd62a7f579c
Biobook Social Networking Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fa0e4caf860abda8bbabc5103e38c78e393907f876e4a4b9d5dd3cb7513396cf
AVMS Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
44299386859b222bfbf61e5b31081de5872353d1be32639a637563ae9c557c3f
Karya Online Shopping Portal version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ace5835235cc9816aa9586e82f7882eca16802f166866858074cc02f513e907c
Red Hat Security Advisory 2024-5200-03 - Red Hat OpenShift Container Platform release 4.12.63 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a bypass vulnerability.
2567d437c092512847a194b9f32fd74daa5a5e813f3857ccbe039c9ba188cc54
Human Resource Management System 2024 version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
3800f1816111f1edbb9091c2250c05c9601784c51aa09742476281c2862e85c3
Hotel Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2536c30b03f92e1a431ba68657f0b804165f343b2b4f604f1211f7bfc5be9a1a
Red Hat Security Advisory 2024-5315-03 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a bypass vulnerability.
2e3007243d9646ee5654809507539754868647eb457320815e16f0558cbe2b6b