CVE-2013-2970

Unspecified vulnerability in IBM QRadar Security Information and Event Manager SIEM 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vectors...

SAP ConfigServlet Remote Code Execution Vulnerability

This Metasploit module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. This Metasploit module has been tested successfully with SAP NetWeaver 7.00 and 7.01 on Windows Server 2008 R2. This file is part of the Metasploit Framework...

SAP ConfigServlet Remote Unauthenticated Payload Execution

Exploit for windows platform in category remote exploits require 'msf/core' class Metasploit3 'SAP ConfigServlet Remote Code Execution', 'Description' = %q This module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. , 'Author' =...

SAP ConfigServlet - Remote Payload Execution (Metasploit)

SAP ConfigServlet - Remote Payload Execution Metasploit require 'msf/core' class Metasploit3 'SAP ConfigServlet Remote Code Execution', 'Description' = %q This module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. , 'Author' =...

SAP ConfigServlet - Remote Payload Execution (Metasploit)

require 'msf/core' class Metasploit3 'SAP ConfigServlet Remote Code Execution', 'Description' = %q This module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. , 'Author' = 'Dmitry Chastuhin', Vulnerability discovery based on the...

SAP ConfigServlet OS Command Execution

This module allows execution of operating system commands through the SAP ConfigServlet without any authentication. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP ConfigServlet OS Command...

SAP ConfigServlet - OS Command Execution (Metasploit)

SAP ConfigServlet - OS Command Execution Metasploit require 'msf/core' class Metasploit3 'SAP ConfigServlet OS Command Execution', 'Description' = %q This module allows execution of operating system commands through the SAP ConfigServlet without any authentication. , 'Author' = 'Dmitry Chastuhin'...

Improper access control

The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038...

CVE-2013-1111

The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038...

Ubiquiti AirOS <= 5.5.2 Remote POST-Auth Root Command Execution

Exploit for hardware platform in category remote exploits !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Ubiquiti AirOS 0x90.nl Software link :...

Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution

Ubiquiti AirOS 5.5.2 - Authenticated Remote Command Execution !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Ubiquiti AirOS 0x90.nl Software link :...

Layton Helpbox 4.4.0 SQL Injection

Layton Helpbox 4.4.0 Multiple SQL Injection Points by Joseph Sheridan Summary Layton Technologies Helpbox product version 4.4.0 is vulnerable to multiple SQL injection vulnerabilities. CVE number: CVE-2012-4971 Impact: High Vendor homepage: http://www.laytontechnology.com Vendor notified:...

Sybase ASE 15.x Java Command Execution

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Java Operating System command execution. Risk Level: High Affected versions: Sybase ASE 15.0, 15.5 and 15.7 Remote exploitable: Yes Credits: This vulnerability was discovered...

QNX qconn Command Execution

This module uses the qconn daemon on QNX systems to gain a shell. The QNX qconn daemon does not require authentication and allows remote users to execute arbitrary operating system commands. This module has been tested successfully on QNX Neutrino 6.5.0 x86 and 6.5.0 SP1 x86...

McAfee Virtual Technician ActiveX Control GetObject() Method Remote Command Execution (SB10028)

The remote Windows host has a version of the McAfee Virtual Technician / ePolicy Orchestrator ActiveX control that allows execution of arbitrary code. The 'GetObject' method can be used to load any class on the underlying operating system. For example, by loading the 'WScript.Shell' class,...

Time And Expense Management System Command Injection

------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Command Injection Threat Level............Very Critical 5/5 Download................http://sourceforge.net/projects/tems/ Discovery...

Time and Expense Management System Multiple Vulnerabilities

Exploit for php platform in category web applications ------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Command Injection Threat Level............Very Critical 5/5...

Time and Expense Management System - Multiple Vulnerabilities

------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Command Injection Threat Level............Very Critical 5/5 Download................http://sourceforge.net/projects/tems/ Discovery...

Pandora FMS 3.1 - Authentication Bypass

Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applications and hardware systems such as...

Local File Inclusion in CMS Source

Vulnerability ID: HTB22545 Reference: http://www.htbridge.ch/advisory/localfileinclusionincmssource.html Product: CMS Source Vendor: Proud Daddy Web Design http://www.prouddaddy.net/ Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010...