This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.
e395c3372dc6eda5878d64b4b3e2b759c5bfaffe8d57ca9fdfd36a0bab7bf55b
Debian Linux Security Advisory 5813-1 - Moritz Rauch discovered that the Symfony PHP framework implemented persisted remember-me cookies incorrectly, which could result in authentication bypass.
e9c9a8326794040dd9177127445ba714c9333b88e1f6e6b41a6df5985ba53e3e
Ubuntu Security Notice 7049-2 - USN-7049-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data.
1ef836801b877272adfe67ac7b50491e2b11f94aae8175ec4b8655236596a7ed
Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
a6b63ce9c93a3021236a9a584571d58798fe9d500b30228bb2141feca495c4d9
This is a bash script that is a vulnerability checker for CVE-2024-4577 designed to scan multiple domains for an argument injection vulnerability in PHP-CGI. This tool allows security researchers and system administrators to quickly assess whether their systems or a list of domains are potentially vulnerable to this specific security issue. This issue affected PHP-CGI versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
58c9a80f92e4d182c0940c15a33aa87129477ec3f26f7c5c954d840e6f170fd4
Debian Linux Security Advisory 5809-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect.
42685e4273634d70bafd4714f19e31d4040f05cb92368cbeef41a2ca9b018002
ABB Cylon Aspect version 3.08.01 has a vulnerability in caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files, where the presence of an EXPERTMODE parameter activates a badassMode feature. This mode allows an unauthenticated attacker to bypass MD5 checksum validation during file uploads. By enabling badassMode and setting the skipChecksum parameter, the system skips integrity verification, allowing attackers to upload or install altered CalDAV zip files without authentication. This vulnerability permits unauthorized file modifications, potentially exposing the system to tampering or malicious uploads.
accf80983115dc5908f4545001f436450bd05752c8b5b6b674a1efd83446277b
SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.
d1c79ff390d1eddef9aea5b0debce0087e67faf0b8c82c4f6c4ee4fde8484a34
ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring authentication, attackers can gain unauthorized insights into valid usernames.
876239c6ba18bd17cf52cea349bc4116a278ec0160c9a365202602eb0c5d0e08
ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized information disclosure in the jsonProxy.php endpoint. An unauthenticated attacker can retrieve sensitive system information, including system time, uptime, memory usage, and network load statistics. The jsonProxy.php endpoint proxies these requests to internal services without requiring authentication, allowing attackers to obtain detailed system status data, which could aid in further attacks by revealing operational characteristics and resource utilization.
54ba1ca2869094716720e73937f51fe840979ccab5472dbfb97b23f87b366ff1
ABB Cylon Aspect version 3.08.01 is vulnerable to unauthorized SSH service configuration changes via the jsonProxy.php endpoint. An unauthenticated attacker can enable or disable the SSH service on the server by accessing the FTControlServlet with the sshenable parameter. The jsonProxy.php script proxies requests to localhost without enforcing authentication, allowing attackers to modify SSH settings and potentially gain further unauthorized access to the system.
3e98b4b396141e37a68a75be90c6aec7e9ecbd76dd24b82d33c08641bd3c4863
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthenticated denial of service attack in the jsonProxy.php endpoint. An attacker can remotely restart the main Java server by accessing the FTControlServlet with the restart parameter. The endpoint proxies requests to localhost without requiring authentication, enabling attackers to disrupt system availability by repeatedly triggering server restarts.
bcacda1a1bffa6ee6d70a54beaff09b511b2a7ae2d1b536e862440ab2a2c5dd7
ABB Cylon Aspect version 3.08.01 is vulnerable to an unauthorized project file disclosure in jsonProxy.php. An unauthenticated remote attacker can issue a GET request abusing the DownloadProject servlet to download sensitive project files. The jsonProxy.php script bypasses authentication by proxying requests to localhost (AspectFT Automation Application Server), granting remote attackers unauthorized access to internal Java servlets. This exposes potentially sensitive project data and configuration details without requiring authentication.
daeb2790f0aa17137e230e9743c822114097df90c546bcf21d4fe680c859fd52
ABB Cylon Aspect version 3.08.01 is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with multiple java servlets without authorization, potentially exposing sensitive system functions and information.
a08a2149099c34ec40fd07e93366c624394f11cf20f4846541af94c2dc635080
A cross site scripting vulnerability in pfsense version 2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
8ffa9a2a9e36932b192f5259bd78d63cc5dfdd4bd174ea8cf7e0b3c07013638f
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script.
94b9c452c40fa97359bd14766458b08e7dbabab381af5bfc9f983be77b4e1601
Helper is an enumerator written in PHP that helps identify directories on webservers that could be targets for things like cross site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.
d393a8fbc83a7853129734872e32346a0060fce6cc2859479ba80540d7ca06af
This Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce (and earlier versions if the PHP and glibc versions are also vulnerable). Versions affected include 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier.
f1b5cba01a5fd2ecef43b7a58280b21a88a3060e64cb2735247437f0ade78ff4
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the file HTTP POST parameter called by the databaseFileDelete.php script.
cb2141122e64c71654606a390db65e7c398f5ec9a8b5883f4b4d4e29437c9eac
ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to perform network operations such as ping, traceroute, or nslookup on arbitrary hosts or IPs by sending a crafted GET request to networkDiagAjax.php. This could be exploited to interact with or probe internal or external systems, leading to internal information disclosure and misuse of network resources.
ba834768c436bdd03cfa0e894f184203255f093008d021b702ce011abd1f46bb
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the SQLite DB that contains the configuration mappings information via the FTControlServlet by directly calling the mapConfigurationDownload.php script.
1e21ababb69b9f3204394d4fb7d153f100fd877141aa727c52a4bbeb76315e4d
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the country, state, locality, organization, and hostname HTTP POST parameters called by the sslCertAjax.php script.
c9e65d912e7544e112d86ab5bdaf919b72100eb3203885121a442e427d5ebd32
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the PROXY HTTP POST parameter called by the yumSettings.php script.
745fecf29b9b2473e58492b59fb0c9e867cdd58cc5a3ecbb448313aaa681f34e
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the MODEM HTTP POST parameter called by the dialupSwitch.php script.
a4086eec7a5ee5c9db9cd5f10469f947a7061c1d4d1d322d7820c84737b04b5e
ABB Cylon Aspect version 3.07.02 suffers from a vulnerability that allows an unauthenticated attacker to enable or disable the SSH daemon by sending a POST request to sshUpdate.php with a simple JSON payload. This can be exploited to start the SSH service on the remote host without proper authentication, potentially enabling unauthorized access or stop and deny service access.
b3763bcb69fec8fa8456518bda4905438794f1034a56b68246980d06fc740b58