Skip to content

Commit 6fcd06b

Browse files
msjenkins-r7msjenkins-r7
committed
automatic module_metadata_base.json update
1 parent baca872 commit 6fcd06b

File tree

1 file changed

+61
-0
lines changed

1 file changed

+61
-0
lines changed

db/modules_metadata_base.json

Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -115724,6 +115724,67 @@
115724115724
"session_types": false,
115725115725
"needs_cleanup": null
115726115726
},
115727+
"exploit_multi/misc/calibre_exec": {
115728+
"name": "Calibre Python Code Injection (CVE-2024-6782)",
115729+
"fullname": "exploit/multi/misc/calibre_exec",
115730+
"aliases": [
115731+
115732+
],
115733+
"rank": 600,
115734+
"disclosure_date": "2024-07-31",
115735+
"type": "exploit",
115736+
"author": [
115737+
"Amos Ng",
115738+
"Michael Heinzl"
115739+
],
115740+
"description": "This module exploits a Python code injection vulnerability in the Content Server component of Calibre v6.9.0 - v7.15.0. Once enabled (disabled by default), it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic, and does not require any authentication. The injected payload will get executed in the same context under which Calibre is being executed.",
115741+
"references": [
115742+
"URL-https://starlabs.sg/advisories/24/24-6782",
115743+
"CVE-2024-6782"
115744+
],
115745+
"platform": "Linux,Unix,Windows",
115746+
"arch": "cmd",
115747+
"rport": 8080,
115748+
"autofilter_ports": [
115749+
80,
115750+
8080,
115751+
443,
115752+
8000,
115753+
8888,
115754+
8880,
115755+
8008,
115756+
3000,
115757+
8443
115758+
],
115759+
"autofilter_services": [
115760+
"http",
115761+
"https"
115762+
],
115763+
"targets": [
115764+
"Windows_Fetch",
115765+
"Linux Command"
115766+
],
115767+
"mod_time": "2024-08-03 05:13:33 +0000",
115768+
"path": "/modules/exploits/multi/misc/calibre_exec.rb",
115769+
"is_install_path": true,
115770+
"ref_name": "multi/misc/calibre_exec",
115771+
"check": true,
115772+
"post_auth": false,
115773+
"default_credential": false,
115774+
"notes": {
115775+
"Stability": [
115776+
"crash-safe"
115777+
],
115778+
"Reliability": [
115779+
"repeatable-session"
115780+
],
115781+
"SideEffects": [
115782+
"ioc-in-logs"
115783+
]
115784+
},
115785+
"session_types": false,
115786+
"needs_cleanup": null
115787+
},
115727115788
"exploit_multi/misc/claymore_dual_miner_remote_manager_rce": {
115728115789
"name": "Nanopool Claymore Dual Miner APIs RCE",
115729115790
"fullname": "exploit/multi/misc/claymore_dual_miner_remote_manager_rce",

0 commit comments

Comments
 (0)