Security
Headlines
HeadlinesLatestCVEs

Latest News

WordPress NextGEN Gallery Directory Read

This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress Plugin "NextGEN Gallery" version 2.1.7, allowing to read arbitrary directories with the web server privileges.

Packet Storm
#vulnerability#web#js#git#wordpress#php#auth
SAP BusinessObjects Web User Bruteforcer

This Metasploit module simply attempts to bruteforce SAP BusinessObjects users by using CmcApp.

Cisco ASA Directory Traversal

This Metasploit module exploits a directory traversal vulnerability in Ciscos Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software. It lists the contents of Ciscos VPN web service which includes directories, files, and currently logged in users.

NFR Agent SRS Record Arbitrary Remote File Access

NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to retrieve arbitrary files via a request to /FSF/CMD with a SRS Record with OPERATION 4 and CMD 103, specifying a full pathname. This Metasploit module has been tested successfully against NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1).

Supermicro Onboard IPMI Static SSL Certificate Scanner

This Metasploit module checks for a static SSL certificate shipped with Supermicro Onboard IPMI controllers. An attacker with access to the publicly-available firmware can perform man-in-the-middle attacks and offline decryption of communication to the controller. This Metasploit module has been on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214.

Linksys E1500 Directory Traversal

This Metasploit module exploits a directory traversal vulnerability which is present in different Linksys home routers, like the E1500.

Apache Axis2 1.4.1 Local File Inclusion

This Metasploit module exploits an Apache Axis2 v1.4.1 local file inclusion (LFI) vulnerability. By loading a local XML file which contains a cleartext username and password, attackers can trivially recover authentication credentials to Axis services.

Microsoft IIS Shortname Scanner

The vulnerability is caused by a tilde character "~" in a GET or OPTIONS request, which could allow remote attackers to disclose 8.3 filenames (short names). In 2010, Soroush Dalili and Ali Abbasnejad discovered the original bug (GET request). This was publicly disclosed in 2012. In 2014, Soroush Dalili discovered that newer IIS installations are vulnerable with OPTIONS.

JBoss Scanner

This Metasploit module scans a JBoss instance for a few vulnerabilities.

TVT NVMS-1000 Directory Traversal

This Metasploit module exploits an unauthenticated directory traversal vulnerability which exists in TVT network surveillance management software-1000 version 3.4.1. NVMS listens by default on port 80.