all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Jorani Remote Code Execution

Add to bookmarks
Aug. 21, 2023, 4:29 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0.

1.0.0 1.0.2 bypass code code execution exploits header log metasploit path path traversal poisoning redirection remote code remote code execution spoofing trigger unauthenticated vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6757-2 1 day, 19 hours ago | packetstormsecurity.com
arbitrary code attacker code crash +16
Ubuntu Security Notice USN-6762-1 1 day, 19 hours ago | packetstormsecurity.com
arbitrary code attacker attackers code +15
SOPlanning 1.52.00 SQL Injection 1 day, 19 hours ago | packetstormsecurity.com
injection php projects sql +5
SOPlanning 1.52.00 Cross Site Request Forgery 1 day, 19 hours ago | packetstormsecurity.com
forgery php request version +2
SOPlanning 1.52.00 Cross Site Scripting 1 day, 19 hours ago | packetstormsecurity.com
cross site scripting php scripting version +2
Red Hat Security Advisory 2024-2679-03 1 day, 20 hours ago | packetstormsecurity.com
advisory enterprise free linux +7
Red Hat Security Advisory 2024-2674-03 1 day, 20 hours ago | packetstormsecurity.com
advisory enterprise kernel linux +5
Red Hat Security Advisory 2024-2071-03 1 day, 20 hours ago | packetstormsecurity.com
advisory bugs container fix +10
Red Hat Security Advisory 2024-2068-03 1 day, 20 hours ago | packetstormsecurity.com
advisory bugs container denial of service +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Sr Cyber Threat Hunt Researcher

@ Peraton | Beltsville, MD, United States
View on infosec-jobs.com

Lead Consultant, Hydrogeologist

@ WSP | Chattanooga, TN, United States
View on infosec-jobs.com

Senior Security Engineer - Netskope/Proofpoint

@ Sainsbury's | London, London, United Kingdom
View on infosec-jobs.com

Senior Technical Analyst-Network Security

@ Computacenter | Bengaluru Bengaluru (Bengaluru, IN, 560025
View on infosec-jobs.com

Senior DevSecOps Engineer - Clearance Required

@ Logistics Management Institute | Remote, United States
View on infosec-jobs.com

Software Test Automation Manager - Cloud Security

@ Tenable | Israel - Office - CS
View on infosec-jobs.com
View more jobs