This Metasploit module exploits privilege escalation in Servisnet Tessa triggered by the add new sysadmin user flow with any user authorization. An API request to "/data-service/users/[userid]" with any low-authority user returns other users' information in response. The encrypted password information is included here, but privilege escalation is also possible with the active sessionid value.
6e59726691f327427ec484da726b6a4c97e638187f4e7fb596cc5e0268c97f94This Metasploit module exploits an MQTT credential disclosure vulnerability in Servisnet Tessa. The app.js is publicly available which acts as the backend of the application. By exposing a default value for the "Authorization" HTTP header, it is possible to make unauthenticated requests to some areas of the application. Even MQTT (Message Queuing Telemetry Transport) protocol connection information can be obtained with this method. A new admin user can be added to the database with this header obtained in the source code. The module tries to log in to the MQTT service with the credentials it has obtained and reflects the response it receives from the service.
a526a71a842e124933fbe29b7fe054817479987a1ba9b99072a7022c4655f1aeThis Metasploit module exploits an authentication bypass in Servisnet Tessa, triggered by add new sysadmin user. The app.js is publicly available which acts as the backend of the application. By exposing a default value for the "Authorization" HTTP header, it is possible to make unauthenticated requests to some areas of the application. Even MQTT (Message Queuing Telemetry Transport) protocol connection information can be obtained with this method. A new admin user can be added to the database with this header obtained in the source code.
119c3c412df82f46d85f91b4ab7d2315fda2836a2057f29636ed9df61fe7a8bdThis Metasploit module exploits a privilege escalation vulnerability in Ericsson Network Location Mobile Positioning Systems.
284aef5590fcc1f10a26e571df512ffa20eb2f3e127bfd58c1acdecd315b6627This Metasploit module exploits an arbitrary command execution vulnerability in Ericsson Network Location Mobile Positioning Systems. The export feature in various parts of the application is vulnerable. It is a feature made for the information in the tables to be exported to the server and imported later when required. Export operations contain the file_name parameter. This parameter is assigned as a variable between the server commands on the backend side. It allows command injection.
2b48b3265095eafaddacb4ff1e3bd8e6117f37acaa1faaf23e718d815e6acfc9This Metasploit module exploits an authentication bypass in Netsia SEBA+ versions 0.16.1 and below to add a root user.
81d29e7b25d87b1af18dee2c03c87aac3764dda86e6ebd3821d3086bb0eb9503This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.962 and lower versions. Any user authorized to the Package Updates module can execute arbitrary commands with root privileges. It emerged by circumventing the measure taken for CVE-2019-12840.
0b9d3eed2396c63f8c369c41bb33853aea8748348ce034096856277e638001d6PHP-Fusion version 9.03.50 suffers from an arbitrary file upload vulnerability.
69aa4aacb58fc312485978e341d93b5ea3b1cb194a17714065b2bf439c337cd5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed