1337day-Exploits

This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version). View the full article

Pandora FMS 7.0 NG versions 746 and below remote code execution exploit that leverages cross site scripting. Requires administrator to perform an snmp scan with a cross site scripting payload. View the full article

Impress CMS version 1.4.0 suffers from a cross site scripting vulnerability. View the full article

Webtareas versions 2.1 and 2.1p suffer from multiple cross site scripting vulnerabilities. View the full article

HelloWeb version 2.0 suffers from an arbitrary file download vulnerability. View the full article

Barangay Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. View the full article

Multiple Rittal Products based on the same software suffer from CLI menu bypass, insecure configuration, hard-coded backdoor account, outdated component, command injection, and privilege escalation vulnerabilities. Products include but are not limited to CMC III PU Compact, CMC III PU 7030.000 PDU (whole portfolio), LCP-CW, and IoT Interface 3124.300. View the full article

A memory corruption vulnerability is present in bspatch as shipped in Colin Percival's bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries. Proof of concept included. View the full article

Impress CMS version 1.4.0 has an issue where an authenticated user can make use of the AutoTask feature to execute php code, allowing for remote SQL injection and remote code execution. View the full article

A file hijacking vulnerability was found in the Microsoft OneDrive client. This vulnerability allows a local attacker to plant a DLL file on the local machine. This DLL will then be loaded whenever (another) user launches OneDrive, running with the privileges of the victim. This issue was successfully verified on Microsoft OneDrive version 19.232.1124.0010. View the full article

WordPress Power's WHOIS Domain Check plugin version 0.9.31 suffers from a persistent cross site scripting vulnerability. View the full article

Webtareas versions 2.1 and 2.1p suffer from unauthenticated file uploads that allow for remote code execution and expose directory listings. View the full article

Savsoft Quiz version 5 suffers from a persistent cross site scripting vulnerability. View the full article

SuperMicro IPMI version 03.40 suffers from a cross site request forgery vulnerability. View the full article

BSA Radar version 1.6.7234.24750 suffers from a cross site request forgery vulnerability. View the full article