exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

Files from Emir Polat

First Active2021-05-24
Last Active2024-08-31
Atlassian Confluence Data Center And Server Authentication Bypass Via Broken Access Control
Posted Aug 31, 2024
Authored by temp66, Emir Polat | Site metasploit.com

This Metasploit module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can be create new admin account without authentication on the target Atlassian server.

tags | exploit
advisories | CVE-2023-22515
SHA-256 | 4b9c8ff2a00bfcb510bc8d0808226331e1d0aff918dc0237aea9ac812e546033
Atlassian Confluence Data Center And Server Authentication Bypass
Posted Feb 27, 2024
Authored by unknown, Emir Polat | Site metasploit.com

This Metasploit module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can be create new admin account without authentication on the target Atlassian server.

tags | exploit
advisories | CVE-2023-22515
SHA-256 | c9933148dbb3513e341045ef4dcef5999b02882361749da2c6cd6cfe8c0471bc
pfSense Restore RRD Data Command Injection
Posted Jul 13, 2023
Authored by Emir Polat | Site metasploit.com

This Metasploit module exploits an authenticated command injection vulnerability in the "restore_rrddata()" function of pfSense prior to version 2.7.0 which allows an authenticated attacker with the "WebCfg - Diagnostics: Backup and Restore" privilege to execute arbitrary operating system commands as the "root" user. This module has been tested successfully on version 2.6.0-RELEASE.

tags | exploit, arbitrary, root
advisories | CVE-2023-27253
SHA-256 | aebb2b8cda994128d286f0b5a8a2c8b51efa5ec61f35fe1de15ab837e050e5a1
CVAT 2.0 Server-Side Request Forgery
Posted Nov 11, 2022
Authored by Emir Polat

CVAT version 2.0 suffers from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2022-31188
SHA-256 | 73ffdc8cbd20cddc5c30e6639b40f7a33ca517dc70a0e528dc0b60ad3c12a4f2
Webmin Package Updates Command Injection
Posted Aug 10, 2022
Authored by Christophe de la Fuente, Emir Polat | Site metasploit.com

This Metasploit module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the package manager call. This exploit requires authentication and the account must have access to the Software Package Updates module.

tags | exploit, arbitrary
advisories | CVE-2022-36446
SHA-256 | 40335e81c5e1920c59b3fa7d7b9555cf342eefb7151f937070f230f69f2b8ee3
Webmin 1.996 Remote Code Execution
Posted Aug 1, 2022
Authored by Emir Polat

Webmin version 1.996 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2022-36446
SHA-256 | a89c83a46baf912bad79b59cea2c4954e3ac100a48e421ae4b7e8c04fc532526
Schlix CMS 2.2.6-6 Shell Upload / Directory Traversal
Posted May 24, 2021
Authored by Emir Polat

Schlix CMS version 2.2.6-6 suffers from an arbitrary file upload and a directory traversal that together can lead to remote command execution.

tags | exploit, remote, arbitrary, file inclusion, file upload
SHA-256 | fca5df7ad0d34a5f7b8addf705a53ad2dd0527cb631c1a47240bfd8afd22f8d1
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close