This Metasploit module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution. Although the vendor fixed Up.Time to prevent this vulnerability, it was not properly mitigated. To exploit against a newer version of Up.Time (such as 7.4), please use exploits/multi/http/uptime_file_upload_2.
Monthly Archives: November 2015
vBulletin 5.1.2 Unserialize Code Execution
This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9
vBulletin 5.1.2 Unserialize Code Execution
This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9
vBulletin 5.1.2 Unserialize Code Execution
This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9
vBulletin 5.1.2 Unserialize Code Execution
This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9
vBulletin 5.1.2 Unserialize Code Execution
This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9
vBulletin 5.1.2 Unserialize Code Execution
This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9
vBulletin 5.1.2 Unserialize Code Execution
This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9
vBulletin 5.1.2 Unserialize Code Execution
This Metasploit module exploits a PHP object injection vulnerability in vBulletin 5.1.2 to 5.1.9
Debian Security Advisory 3395-2
Debian Linux Security Advisory 3395-2 – Marc Deslauriers reported that the update for krb5 issued as DSA-3395-1 did not contain the patch to address CVE-2015-2697 for the packages built for the oldstable distribution (wheezy). Updated packages are now available to address this issue.