automatic module_metadata_base.json update
This commit is contained in:
parent
364d491af7
commit
518aafb1f1
|
@ -78329,6 +78329,68 @@
|
|||
"session_types": false,
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_linux/http/progress_kemp_loadmaster_unauth_cmd_injection": {
|
||||
"name": "Kemp LoadMaster Unauthenticated Command Injection",
|
||||
"fullname": "exploit/linux/http/progress_kemp_loadmaster_unauth_cmd_injection",
|
||||
"aliases": [
|
||||
|
||||
],
|
||||
"rank": 600,
|
||||
"disclosure_date": "2024-03-19",
|
||||
"type": "exploit",
|
||||
"author": [
|
||||
"Dave Yesland with Rhino Security Labs"
|
||||
],
|
||||
"description": "This module exploits an unauthenticated command injection vulnerability in\n Progress Kemp LoadMaster in the authorization header after vversion 7.2.48.1.\n The following versions are patched: 7.2.59.2 (GA), 7.2.54.8 (LTSF) and\n 7.2.48.10 (LTS).",
|
||||
"references": [
|
||||
"CVE-2024-1212",
|
||||
"URL-https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/",
|
||||
"URL-https://kemptechnologies.com/kemp-load-balancers"
|
||||
],
|
||||
"platform": "Linux,Unix",
|
||||
"arch": "cmd",
|
||||
"rport": 443,
|
||||
"autofilter_ports": [
|
||||
80,
|
||||
8080,
|
||||
443,
|
||||
8000,
|
||||
8888,
|
||||
8880,
|
||||
8008,
|
||||
3000,
|
||||
8443
|
||||
],
|
||||
"autofilter_services": [
|
||||
"http",
|
||||
"https"
|
||||
],
|
||||
"targets": [
|
||||
"Automatic",
|
||||
"Do_Not_Prepend_Runonce_Code"
|
||||
],
|
||||
"mod_time": "2024-04-26 17:36:50 +0000",
|
||||
"path": "/modules/exploits/linux/http/progress_kemp_loadmaster_unauth_cmd_injection.rb",
|
||||
"is_install_path": true,
|
||||
"ref_name": "linux/http/progress_kemp_loadmaster_unauth_cmd_injection",
|
||||
"check": true,
|
||||
"post_auth": false,
|
||||
"default_credential": false,
|
||||
"notes": {
|
||||
"Stability": [
|
||||
"crash-safe"
|
||||
],
|
||||
"SideEffects": [
|
||||
"ioc-in-logs",
|
||||
"artifacts-on-disk"
|
||||
],
|
||||
"Reliability": [
|
||||
"repeatable-session"
|
||||
]
|
||||
},
|
||||
"session_types": false,
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_linux/http/pulse_secure_cmd_exec": {
|
||||
"name": "Pulse Secure VPN Arbitrary Command Execution",
|
||||
"fullname": "exploit/linux/http/pulse_secure_cmd_exec",
|
||||
|
|
Loading…
Reference in New Issue