Numara / BMC Track-It! FileStorageService Arbitrary File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Numara / BMC Track-It! FileStorageService Arbitrary File Upload', 'Description' = %q This module exploits an arbitrary file upload...

Numara / BMC Track-It! FileStorageService Arbitrary File Upload Exploit

This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 9004 for version 8 which accepts unauthenticated uploads. This can be abused by a malicious user to uploa...

[CERT VU#121036 / Multiple CVEs] RCE, domain admin creds leakage and more in BMC Track-It!

Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU121036 and according to them BMC didn...

Design/Logic Flaw

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to 1 FileStorageService or 2 ConfigurationService...

BMC Track-It! - Multiple Vulnerabilities

No description provided by source. Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= The application exposes several .NET remoting services o...

BMC Track-It! - Multiple Vulnerabilities

BMC Track-it! suffers from code execution, arbitrary file download, and remote SQL injection vulnerabilities. Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro email protected, Agile Information Security...

BMC Track-It! - Multiple Vulnerabilities

Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= The application exposes several .NET remoting services on port 9010. .NET remoting is a RMI...

BMC Track-it! Remote Code Execution / SQL Injection

Hi, tl;dr - I am releasing two 0 day exploits for BMC Track-It!. One is a RCE and the other gets you the domain admin and SQL database creds. Other minor vulns are also disclosed. Details below. CERT handled the disclosure for these vulnerabilities see CERT VU121036 and according to them BMC didn...

BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure

This module exploits an unauthenticated configuration retrieval .NET remoting service in Numara / BMC Track-It! v9 to v11.X, which can be abused to retrieve the Domain Administrator and the SQL server user credentials. This module has been tested successfully on versions 11.3.0.355, 10.0.51.135,...

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

This module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 9004 for version 8 which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or...

Microsoft .NET Framework TypeFilterLevel Code Execution (MS14-026; CVE-2014-1806)

A code execution vulnerability exists in Microsoft .NET Framework. The vulnerability is due to the way the .NET framework handles TypeFilterLevel checks for some malformed objects. A remote attacker could exploit this vulnerability by sending specially crafted data to the target server that uses...

Design/Logic Flaw

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."...

CVE-2014-1806

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."...

MS14-026: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2958732)

The remote Windows host has a version of the Microsoft .NET Framework that is affected by a privilege escalation vulnerability due to the way that .NET Framework handles TypeFilterLevel checks for some malformed objects. Note that this vulnerability only affects applications that use .NET Remotin...

Grid. Система распределенных вычислений.

Введение. Материал появился в результате анализа замечаний и предложений, поступивших от тех, кто прочитал статью “Процесс создания ПО для распределенных вычислений C++”. Отсутствие явного распределения задачи сервером между клиентами и отсутствие конкретной задачи в принципе заставили автора ина...

TCP Channel Detection

The remote host is running a TCP-based .NET Remoting Channel Service, also known as a 'TCP channel'. .NET Remoting is an API developed by Microsoft and used for interprocess communications, and a channel service provides the mechanism by which such communications occur. Two channel services are...

PT-2025-50337

Name of the Vulnerable Software and Affected Versions Barracuda Service Center versions prior to 2025.1.1 Description Barracuda Service Center, part of the RMM solution, has a .NET Remoting service that does not adequately protect against the deserialization of arbitrary types. This can allow for...