![]() The curl request is executed using popen and allows the attacker to inject commands via the Cookie field. Then the upload.cgi binary will use the contents of the HTTP Cookie field as part of a curl request aimed at an internal endpoint. The device does not adequately verify the credentials in the HTTP Authorization field when requests are made to the /upload endpoint. This Metasploit module exploits an authentication bypass (CVE-2021-1472) and command injection (CVE-2021-1473) in the Cisco Small Business RV series of VPN/routers. tags | exploit MD5 | f614ad7c6ba6e189b449ed5dd7112196 Download | Favorite | View Cisco Small Business RV Series Authentication Bypass / Command Injection Posted Authored by jbaines-r7, Takeshi Shiomitsu | Site H3C SSL VPN suffers from a username enumeration vulnerability during the login sequence. tags | exploit MD5 | da5d5f503180638006e5f6fa9de027ae Download | Favorite | View H3C SSL VPN Username Enumeration Posted Authored by LiquidWorm | Site zeroscience.mk HMA VPN version 5.3 suffers from an unquoted service path vulnerability. ![]() tags | exploit MD5 | 67e6f160277795e867b38588e83a6036 Download | Favorite | View HMA VPN 5.3 Unquoted Service Path Posted Authored by Saud Alenazi McAfee Safe Connect VPN suffers from an unquoted service path vulnerability. Search for Search McAfee Safe Connect VPN Unquoted Service Path Posted Authored by Saud Alenazi ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |