Authentication bypass in Wordpress Plugin WooCommerce Payments

This week's Metasploit release includes a module for CVE-2023-28121 by h00die. This module can be used against any wordpress instance that uses WooCommerce payments < 5.6.1. This module exploits an auth by-pass vulnerability in the WooCommerce WordPress plugin. You can simply

Taking a stroll down memory lane (Tomcat Init Script Privilege Escalation)

Do you remember the issue with Tomcat init script that was originally discovered by Dawid Golunski back in 2016 that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by h00die. This vulnerability allows

I ## ProxyNotShell
This week's Metasploit release includes an exploit module for CVE-2022-41082, AKA ProxyNotShell by DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q, Orange Tsai, Piotr Bazydło, Rich Warren, Soroush Dalili, and our very own Spencer McIntyre. The vulnerability CVE-2022-41082, AKA ProxyNotShell is a deserialization flaw in Microsoft Exchange's PSRP backend. Microsoft Exchange Server 2019, Exchange Server

Authenticated command injection vulnerability of Cisco ASA-X with FirePOWER Services:

[jbaines-r7] (https://github.com/jbaines-r7) added a new module that exploits an authenticated command injection vulnerability CVE-2022-20828 of Cisco ASA-X with FirePOWER Services. This vulnerability affects all Cisco ASA appliances that support ASA FirePOWER module. Note that, although a patch