Fortinet FortiOS / FortiProxy / FortiSwitchManager Authentication Bypass
This Metasploit module exploits an authentication bypass vulnerability in the Fortinet FortiOS, FortiProxy, and FortiSwitchManager API to gain access to a chosen account and then adds an SSH key to the...
View ArticleFortinet FortiNAC keyUpload.jsp Arbitrary File Write
This Metasploit module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The core vulnerability is an...
View ArticlePaperCut MF/NG Authentication Bypass / Remote Code Execution
PaperCut MF/NG proof of concept exploit that uses an authentication bypass vulnerability chained with abuse of built-in scripting functionality to execute code.
View ArticleIvanti Sentry Authentication Bypass / Remote Code Execution
This Metasploit module exploits an authentication bypass in Ivanti Sentry which exposes API functionality which allows for code execution in the context of the root user.
View ArticleLexmark Device Embedded Web Server Remote Code Execution
An unauthenticated remote code execution vulnerability exists in the embedded webserver in certain Lexmark devices through 2023-02-19. The vulnerability is only exposed if, when setting up the printer...
View ArticleGoAnywhere MFT Authentication Bypass
GoAnywhere MFT authentication bypass proof of concept exploit.
View ArticleFortra GoAnywhere MFT Unauthenticated Remote Code Execution
This Metasploit module exploits a vulnerability in Fortra GoAnywhere MFT that allows an unauthenticated attacker to create a new administrator account. This can be leveraged to upload a JSP payload and...
View Article
More Pages to Explore .....