Jump to content

Updated Exploits

YOUR-AD-HERE

TOOLS

Locked Exploits Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal

1337day-Exploits

By 1337day-Exploits
June 19, 2019 in Updated Exploits

Start new topic

Recommended Posts

1337day-Exploits

Hacker

1337day-Exploits

Posted June 19, 2019

- Share

Posted June 19, 2019

This Metasploit module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet class to upload a JSP payload to the Apache Tomcat's web apps directory, and gain arbitrary remote code execution. Note that authentication is not required to exploit this vulnerability.

This is the hidden content, please

Link to comment

Share on other sites

Guest

This topic is now closed to further replies.

Go to topic listing

Similar Content
- Scam Pages+Letters+Exploits+Tools Pack [Priv8]
  
  By Alexander007, Sunday at 02:15 PM
  - letters
  - scampages
  - (and 2 more)
    
    Tagged with:
    
    letters
    
    scampages
    
    exploits
    
    tools pack
  - 0 replies
  - 69 views
- exploit AuthMeBridge Exploit
  
  By ~~tify~~ , May 15, 2023
  - minecraft
  - authmebridge exploit
  - (and 4 more)
    
    Tagged with:
    
    minecraft
    
    authmebridge exploit
    
    authmebridge
    
    minecraft exploits
    
    minecraft exploit
    
    exploits
  - 0 replies
  - 355 views
- The US Cybersecurity and Infrastructure Protection Agency (CISA) - Launch new tool
  
  By dEEpEst, March 24, 2023
  - new
  - launch
  - (and 8 more)
    
    Tagged with:
    
    new
    
    launch
    
    (cisa)
    
    agency
    
    protection
    
    infrastructure
    
    and
    
    cybersecurity
    
    the
    
    tool
  - 0 replies
  - 158 views
- Untitled Goose Tool is a robust and flexible hunt and incident response tool that adds novel authentication and data gathering methods in order to run a full investigation against a customer’s Azure Active Directory (AzureAD), Azure, and M365 environments
  
  By dEEpEst, March 24, 2023
  - untitled
  - goose
  - (and 27 more)
    
    Tagged with:
    
    untitled
    
    goose
    
    tool
    
    robust
    
    and
    
    flexible
    
    hunt
    
    incident
    
    response
    
    that
    
    adds
    
    novel
    
    authentication
    
    data
    
    gathering
    
    methods
    
    order
    
    run
    
    full
    
    investigation
    
    against
    
    customer’s
    
    azure
    
    active
    
    directory
    
    (azuread),
    
    azure,
    
    m365
    
    environments
  - 0 replies
  - 90 views
- Xplus Prime Activated [APK]
  
  By itsMe, March 6, 2023
  - xplus
  - prime
  - (and 2 more)
    
    Tagged with:
    
    xplus
    
    prime
    
    activated
    
    [apk]
  - 0 replies
  - 277 views

×

Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.