
Tag

#sql

WordPress Total Upkeep Unauthenticated Backup Downloader

This Metasploit module exploits an unauthenticated database backup vulnerability in WordPress plugin Boldgrid-Backup also known as Total Upkeep version < 1.14.10. First, env-info.php is read to get server information. Next, restore-info.json is read to retrieve the last backup file. That backup is then downloaded, and any sql files will be parsed looking for the wp_users INSERT statement to grab user creds.

Packet Storm
#sql #vulnerability #js #git #wordpress #php #auth

Carlo Gavazzi Energy Meters Login Brute Force, Extract Info And Dump Plant Database

This Metasploit module scans for Carlo Gavazzi Energy Meters login portals, performs a login brute force attack, enumerates the device firmware version, and attempts to extract the SMTP configuration. A valid, admin-privileged user is required to extract the SMTP password. In some older firmware versions, the SMTP config can be retrieved without any authentication. The module also exploits an access control vulnerability which allows an unauthenticated user to remotely dump the database file EWplant.db. This db file contains information such as power/energy utilization data, tariffs, and revenue statistics. Vulnerable firmware versions include VMU-C EM prior to firmware Version A11_U05 and VMU-C PV prior to firmware Version A17.

Oracle ISQLPlus SID Check

This Metasploit module attempts to bruteforce the SID on the Oracle application server iSQL*Plus login pages. It does this by testing Oracle error responses returned in the HTTP response. Incorrect username/pass with a correct SID will produce an Oracle ORA-01017 error. Works against Oracle 9.2, 10.1 and 10.2 iSQL*Plus. This Metasploit module will attempt to fingerprint the version and automatically select the correct POST request.

Telpho10 Backup Credentials Dumper

This Metasploit module exploits a vulnerability present in all versions of Telpho10 telephone system appliance. This Metasploit module generates a configuration backup of Telpho10, downloads the file and dumps the credentials for admin login, phpmyadmin, phpldapadmin, etc. This Metasploit module has been successfully tested on the appliance versions 2.6.31 and 2.6.39.

ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection

ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection vulnerability in SQLAdvancedALSearchResult.cc that can be abused to escalate privileges and obtain Super Administrator access. A Super Administrator can then use his privileges to dump the whole password database in CSV format. PMP can use both MySQL and PostgreSQL databases but this module only exploits the latter as MySQL does not support stacked queries with Java. PostgreSQL is the default database in v6.8 and above, but older PMP versions can be upgraded and continue using MySQL, so a higher version does not guarantee exploitability. This Metasploit module has been tested on v6.8 to v7.1 build 7104 on both Windows and Linux. The vulnerability is fixed in v7.1 build 7105 and above.

pgAdmin 8.4 Remote Code Execution

pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.

Red Hat Security Advisory 2024-6020-03

Red Hat Security Advisory 2024-6020-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-6018-03

Red Hat Security Advisory 2024-6018-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-6001-03

Red Hat Security Advisory 2024-6001-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.