Posts by Jacquie Harris-ladbrokes立博中文版

1 min Metasploit

Metasploit Weekly Wrap-Up 03/14/25

New module content (1) InvoiceShelf unauthenticated PHP Deserialization Vulnerability Authors: Mickaël Benassouli, Rémi Matasse, and h00die-gr3y [http://github.com/h00die-gr3y] Type: Exploit Pull request: #19950 [http://github.com/rapid7/metasploit-framework/pull/19950] contributed by h00die-gr3y [http://github.com/h00die-gr3y] Path: linux/http/invoiceshelf_unauth_rce_cve_2024_55556 AttackerKB reference: CVE-2024-55556 [http://attackerkb.com/search?q=CVE-2024-55556&referrer=blog] Descripti

2 min Metasploit

Metasploit Weekly Wrap-Up: 02/28/2025

New module content (5) mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896) Author: Michael Heinzl Type: Auxiliary Pull request: #19878 [http://github.com/rapid7/metasploit-framework/pull/19878] contributed by h4x-x0r [http://github.com/h4x-x0r] Path: admin/scada/mypro_mgr_creds AttackerKB reference: CVE-2025-22896 [http://attackerkb.com/search?q=CVE-2025-22896&referrer=blog] Description: This module adds credential harvesting for MySCADA MyPro Manager using CVE-20

3 min Metasploit

Metasploit Wrap-Up 01/10/2025

New module content (5) OneDev Unauthenticated Arbitrary File Read Authors: Siebene and vultza Type: Auxiliary Pull request: #19614 [http://github.com/rapid7/metasploit-framework/pull/19614] contributed by vultza [http://github.com/vultza] Path: gather/onedev_arbitrary_file_read AttackerKB reference: CVE-2024-45309 [http://attackerkb.com/search?q=CVE-2024-45309&referrer=blog] Description: This adds an exploit module for an unauthenticated arbitrary file read vulnerability, tracked as CVE-202

2 min Metasploit

Metasploit Weekly Wrap-Up 10/04/2024

New module content (3) cups-browsed Information Disclosure Authors: bcoles and evilsocket Type: Auxiliary Pull request: #19510 [http://github.com/rapid7/metasploit-framework/pull/19510] contributed by bcoles [http://github.com/bcoles] Path: scanner/misc/cups_browsed_info_disclosure Description: Adds scanner module to retrieve CUPS version and kernel version information from cups-browsed services. Acronis Cyber Infrastructure default password remote code execution Authors: Acronis Internatio

2 min Metasploit

Metasploit Weekly Wrap-Up 07/26/2024

New module content (3) Magento XXE Unserialize Arbitrary File Read Authors: Heyder and Sergey Temnikov Type: Auxiliary Pull request: #19304 [http://github.com/rapid7/metasploit-framework/pull/19304] contributed by heyder [http://github.com/heyder] Path: gather/magento_xxe_cve_2024_34102 AttackerKB reference: CVE-2024-34102 [http://attackerkb.com/search?q=CVE-2024-34102&referrer=blog] Description: This adds an auxiliary module for an XXE which results in an arbitrary file in Magento which is

3 min Metasploit

Metasploit Wrap-Up 03/08/2024

New module content (2) GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: #18821 [http://github.com/rapid7/metasploit-framework/pull/18821] contributed by n00bhaxor [http://github.com/n00bhaxor] Path: gather/gitlab_tags_rss_feed_email_disclosure AttackerKB reference: CVE-2023-5612 [http://attackerkb.com/search?q=CVE-2023-5612?referrer=blog] Description: This adds an auxiliary module that leverages an information disclosure vulnerability (CVE

2 min Metasploit

Metasploit Weekly Wrap-Up 1/05/2024

New module content (2) Splunk __raw Server Info Disclosure Authors: KOF2002, h00die, and n00bhaxor Type: Auxiliary Pull request: #18635 [http://github.com/rapid7/metasploit-framework/pull/18635] contributed by n00bhaxor [http://github.com/n00bhaxor] Path: gather/splunk_raw_server_info Description: This PR adds a module for an authenticated Splunk information disclosure vulnerability. This module gathers information about the host machine and the Splunk install including OS version, build, CP

2 min Metasploit

Metasploit Weekly Wrap-Up: Oct. 6, 2023

New module content (3) LDAP Login Scanner Author: Dean Welch Type: Auxiliary Pull request: #18197 [http://github.com/rapid7/metasploit-framework/pull/18197] contributed by dwelch-r7 [http://github.com/dwelch-r7] Path: scanner/ldap/ldap_login Description: This PR adds a new login scanner module for LDAP. Login scanners are the classes that provide functionality for testing authentication against various different protocols and mechanisms. This LDAP login scanner supports multiple types of aut

2 min Metasploit

Metasploit Wrap-Up: 2/17/23

Cisco RV Series Auth Bypass and Command Injection Thanks to community contributor neterum [http://github.com/neterum], Metasploit framework just gained an awesome new module which targets Cisco Small Business RV Series Routers. The module actually exploits two vulnerabilities, an authentication bypass CVE-2022-20705 [http://attackerkb.com/topics/1iBoR0w9Ak/cve-2022-20705?referrer=blog] and a command injection vulnerability CVE-2022-20707 [http://attackerkb.com/topics/J6696vwQVH/cve-2022-20707

Posts by Jacquie Harris

Metasploit Weekly Wrap-Up 03/14/25

Metasploit Weekly Wrap-Up: 02/28/2025

Metasploit Wrap-Up 01/10/2025

Metasploit Weekly Wrap-Up 10/04/2024

Metasploit Weekly Wrap-Up 07/26/2024

Metasploit Wrap-Up 03/08/2024

Metasploit Weekly Wrap-Up 1/05/2024

Metasploit Weekly Wrap-Up: Oct. 6, 2023

Metasploit Wrap-Up: 2/17/23

Popular Topics

Tags

Submit your information and we will get in touch with you.

Thank you for contacting us.

We will be in touch shortly.