1086 matches found
pfSense 2.1.3-RELEASE (amd64) Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense authenticated graph status RCE', 'Description' = %q pfSense, a free BSD based open source firewall distribution, version...
Artica Web Proxy 3.06.112216 Remote Code Execution Vulnerability
Exploit for php platform in category web applications + Credits: John Page aka Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ARTICA-WEB-PROXY-v3.06-REMOTE-CODE-EXECUTION-CVE-2017-17055.txt Vendor: ======= www.articatech.com Product: =========...
The software for message communication, IBM MQ Appliance, is vulnerable due to the lack of measures taken to neutralize specific commands of the operating system. This vulnerability allows attackers to execute arbitrary commands.
The software for message communication in IBM MQ Appliance is vulnerable because measures are not taken to eliminate the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
Circle with Disney Command Injection Vulnerability
Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A command injection vulnerability exists in the notification feature in Circle with Disney version 2.0.1. The vulnerability can be...
MVPower DVR Remote Command Execution
The remote AOST-based network video recorder distributed by MVPower is affected by a remote command execution vulnerability. An unauthenticated remote attacker can use this vulnerability to execute operating system commands as root. This vulnerability has been used by the IoT Reaper botnet. C...
Cross site request forgery (csrf)
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system...
CVE-2017-12796
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users are able to execute operating system...
OpenMRS Remote Command Execution Vulnerability
OpenMRS Reference Application is a suite of open source EHR applications. Reporting Compatibility Add On is one of the compatibility reporting components. A remote command execution vulnerability exists in OpenMRS, which is caused by the application failing to authenticate the user when...
HPE System Management Homepage Arbitrary Command Execution Vulnerability
HPE System Management Homepage is a Web-based interface from Hewlett Packard Enterprise. An arbitrary command execution vulnerability exists in HPE System Management Homepage, which allows an attacker to submit a special request to execute arbitrary OS commands in an application context...
The vulnerability of the mnt_ping.cgi service in the firmware of the Technicolor TD5336 router allows a hacker to execute arbitrary operating system commands with superuser privileges.
The vulnerability of the mntping.cgi service in the firmware of the Technicolor TD5336 router exists due to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitra...
Corega CG-WLR300NM OS Command Execution Vulnerability
The Corega CG-WLR300NM is a wireless router from Corega Japan. A security vulnerability exists in the Corega CG-WLR300NM using firmware version 1.90 and earlier. An attacker can exploit the vulnerability to execute arbitrary operating system commands...
CVE-2017-2275
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors...
CVE-2017-2183
HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings...
KDDI HOME SPOT CUBE WebUI Operating System Command Injection Vulnerability
KDDI HOME SPOT CUBE is a home wireless router product from KDDI Japan. WebUI is one of the graphical user interfaces. An operating system command injection vulnerability exists in the WebUI of the KDDI HOME SPOT CUBE2 using firmware version 101 and earlier. A remote attacker can exploit this...
CVE-2017-2112
TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlie...
Tablacus Explorer vulnerable to script injection
Overview: Tablacus Explorer is a tabbed file manager. Tablacus Explorer contains a script injection vulnerability due to improper handling of directory names. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
MVPower DVR TV-7104HE 1.8.4 115215B9 Shell Unauthenticated Command Execution Exploit
This Metasploit module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The 'shell' file on the web interface executes arbitrary operating system commands in the query string. This Metasploit module was tested successfully on an MVPower model...
AlienVault OSSIM/USM Remote Code Execution Exploit
This Metasploit module exploits object injection, authentication bypass and IP spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object...