274 matches found
Incredible PBX remote command execution exploit
!/usr/bin/perl Title: Incredible PBX remote command execution exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 September 2014 Coded: 21 October 2014 Published: 21 October 2014 MorXploit Research http://www.MorXploit.com Vendor: PBX in a Flash Vendor url:...
CVE-2014-7180
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files...
Code injection
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files...
CVE-2012-5697
The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...
CVE-2012-5697
CVE-2012-5697 relates to the Smartphone Pentest Framework (SPF) web GUI in frameworkgui/, where the btinstall script sets world-writable permissions (777) on all files. This permits a local attacker to read sensitive files and potentially inject arbitrary Perl code via direct access to the files,...
Twiki Perl Code Execution
This is an advisory for TWiki administrators: The debugenableplugins request parameter allows arbitrary Perl code execution. TWiki (http://twiki.org) is an Open Source Enterprise Wiki and Web Application Platform used by millions of people. Vulnerable Software Version, Attack Vectors, Impact, Severity...
twiki -- remote Perl code execution
TWiki developers report: The debugenableplugins request parameter allows arbitrary Perl code execution. Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script (typically port 80/TCP). Prior authentication may or may not ...
AwStats <= 6.4 - Denial of Service
No description provided by source. !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...
NETGEAR ReadyNAS Perl Code Evaluation
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ManualRanking include Msf::Exploit::Remote::HttpClient def initializein...
Dana IRC <= 1.3 - Remote Buffer Overflow PoC
No description provided by source. - Dana IRC = 1.3 Remote Buffer Overflow POC/Crash - Discovered On: 14 JUNE 2008 Discovered By: t0pP8uZz Download: diebestenbits.de - Info - Dana Irc client suffers from a remote buffer overflow, sending a buffer of around 2k overwrites the EIP therefor crashes t...
Tugux CMS 1.0_final Multiple Vulnerabilities
No description provided by source. Tugux CMS 1.0_final Multiple Vulnerabilities. Vulnerable Web-App: Tugux CMS 1.0_final. Vulnerability: Multiple Vulnerabilities. Author: Aodrulez. Atul Alex Cheri...
Yarssr 0.2.2 GUI.PM Remote Code Injection Vulnerability
No description provided by source. source: www.securityfocus.com/bid/26273/info Yarssr is prone to a remote code-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to inject and execute arbitrary malicious Perl code with the...
AWStats (6.0-6.2) configdir Remote Command Execution Exploit (perl code)
No description provided by source. !/usr/bin/perl ---GHC--------------------------------- Remote command execution exploit Product: Advanced Web Statistics 6.0 - 6.2 URL:http://awstats.sourceforge.net Greets & respects to our friends: 1dt.w0lf and all rst.void.ru Special greets 2 d0G4 & cr0n for...
Trouble Ticket Express <= 3.01 Remote Code Execution/Directory Traversal
No description provided by source. Exploit Title: Trouble Ticket Express Remote Code Execution/Directory Traversal Author: zombiefx Software Link: http://www.troubleticketexpress.com/download/ttx301.zip Version: v3.01,v3.0,v2.24,v2.21 Tested on: Linux...
Ralf S. Engelschall ePerl 2.2.12 Handling of ISINDEX Query Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/151/info A bug exists in ePerl's handling of the ISINDEX queries. When ISINDEX is used, the query is passed on the command line by the web server. This would allow an attacker to execute arbitrary code via the ePerl...
TClanPortal <= 1.1.3 (id) Remote SQL Injection Exploit
No description provided by source. TClanPortal Version 3 .. Search By Google :- by TriggerTG.de 2003 - Version 3 Gr33tz :- Abducter .. SQL Injection's FOunder - | [email protected] |- Devil-00 .. SQL Injection's Exploting - | [email protected] | - Security4Arab .. A'Where Home .. WE LOVE...
RM Downloader 3.1.3 - Local SEH Exploit (Win7 ASLR and DEP Bypass)
No description provided by source. !/usr/bin/perl Exploit Title: RM Downloader 3.1.3 Local SEH Exploit Win7 ASLR and DEP Bypass Date: July 1, 2010 Author: Node Software Link: http://www.mini-stream.net/downloads/RMDownloader.exe Version: RM Downloader 3.1.3.3.2010.06.26 Evaluation Tested on:...
WordPress AdminOnline Local File Disclosure
Movable Type 4.2x 4.3x Upgrade Script RCE Script Injection - Ver2 (CVE-2012-6315)
A script injection and execution vulnerability has been reported in Movable Type. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary Perl code and SQL commands on the affected system...