CVE-2017-12120

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...

CVE-2017-14432

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0tmp= parameter in the...

CVE-2017-14434

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the...

CVE-2017-12121

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\name= parm in the...

CVE-2017-12125

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the "/goform/netWebCSRGen" uri...

CVE-2017-14434

Summary: CVE-2017-14434 affects Moxa EDR-810 Web Server (V4.1 build 17030317). The vulnerability is a command injection in the web server’s OpenVPN config endpoint, exploitable after logging in via HTTP POST to /goform/net_Web_get_value, specifically through the remoteNetmask0 parameter, allowing...

CVE-2017-14432

CVE-2017-14432 affects Moxa EDR-810 (V4.1, build 17030317). The web server allows command injection via POST to /goform/net_Web_get_value, injecting commands into openvpnServer0_tmp= and escalating privileges to root after authentication. Talos notes four related CVEs culminated in root-shell acc...

CVE-2017-12121

The CVE-2017-12121 issue affects Moxa EDR-810 Web RSA Key Generation functionality. Talos reports a command-injection in the rsakey_name parameter of the /goform/WebRSAKEYGen POST, enabling privilege escalation to root when authenticated. A root shell can be obtained via crafted input; affected p...

CVE-2017-12120

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...

CVE-2017-14432

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0tmp= parameter in the...

WordPress User Role Editor Plugin Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The WordPress User Role Editor plugin prior to v4.25, is lacking an...

WordPress User Role Editor Plugin < 4.25 - Privilege Escalation Exploit

Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The WordPress...

WordPress Plugin User Role Editor 4.25 - Privilege Escalation

WordPress Plugin User Role Editor 4.25 - Privilege Escalation This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The...

WordPress Plugin User Role Editor &lt; 4.25 - Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The WordPress User Role Editor plugin prior to v4.25, is lacking an...

aeiou.pt Cross Site Scripting vulnerability OBB-611055

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| aeiou.pt ---|--- Open Bug Bounty...

Jfrog Artifactory 4.16 - Arbitrary File Upload Remote Command Execution

Jfrog Artifactory 4.16 - Arbitrary File Upload Remote Command Execution Exploit Title: Jfrog Artifactory alert/Vulnerable/" within the file app.html : POST /artifactory/ui/artifact/upload HTTP/1.1 Host: removed User-Agent: removed Accept:...

Router vulnerability reproduce the analysis of the second bomb: CNVD-2018-01084-vulnerability warning-the black bar safety net

Vulnerability information: D-Link DIR 615/645/815 router 1. 03 and previous firmware version is the presence of a remote command execution vulnerability. The vulnerability is due to service. the cgi in the splicing of the HTTP POST request data, causing background commands splicing, leading to...

PRTG Network Monitor 18.1.39.1648 - Stack Overflow (Denial of Service)

PRTG Network Monitor 18.1.39.1648 - Stack Overflow Denial of Service Exploit Title: PRTG 18.1.39.1648 - Stack Overflow Date: 2018-04-21 Exploit Author: Lucas "luriel" Carmo Vendor Homepage: https://www.paessler.com/prtg Software Link: https://www.paessler.com/download/prtg-download Version:...

Design/Logic Flaw

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs ...

CVE-2018-10286

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs ...