744 matches found

CVE
added 2018/11/27 2:0 p.m., 48 views

CVE-2018-16090

The CVE-2018-16090 vulnerability affects Lenovo System Management Module (SMM) firmware prior to 1.06, where the certificate creation and parsing logic allows post-authentication command injection. The Lenovo advisory LEN-24374 documents this issue and links it to several SMM-related CVEs; for CV...

CVSS 7.5, AI score 8, EPSS 0.00874
Exploits: 0, References: 1, Affected Software: 1
Exploit DB
added 2018/07/13 12:0 a.m., 226 views

phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpMyAdmin Authenticated Remote Code Execution', 'Description' = %q phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which ca...

CVSS 8.8, AI score 7.4, EPSS 0.98391
Exploits: 20
Packet Storm
added 2018/07/12 12:0 a.m., 78 views

phpMyAdmin Authenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpMyAdmin Authenticated Remote Code Execution', 'Description' = %q phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which ca...

AI score 0.3, EPSS 0.98391
Exploits: 20
Exploit DB
added 2018/05/10 12:0 a.m., 59 views

Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mantis manageprojpage PHP Code Execution', 'Description' = %q Mantis v1.1.3 and earlier are vulnerable to a post-authentication Remote Code...

CVSS 9, AI score 6.7, EPSS 0.67453
Exploits: 4
Tenable Nessus
added 2018/03/20 12:0 a.m., 41 views

FreeBSD : SquirrelMail -- post-authentication access privileges (928d5c59-2a5a-11e8-a712-0025908740c2)

Florian Grunow reports : An attacker able to exploit this vulnerability can extract files of the server the application is running on. This may include configuration files, log files and additionally all files that are readable for all users on the system. This issue is post-authentication. That...

CVSS 8.8, AI score 7.7, EPSS 0.04451
Exploits: 0, References: 3
CNVD
added 2018/02/13 12:0 a.m., 1 view

NetEx HyperIP Post-Auth Remote Command Execution Vulnerability

HyperIP is a WAN optimized virtual appliance. Deploying HyperIP enables data replication, backup, recovery and data center migration. HyperIP has a remote command execution vulnerability in its implementation. The principle of this vulnerability is that setting the setval parameter as a malformed...

AI score 8
Exploits: 0, References: 1
Prion
added 2018/01/29 8:29 p.m., 15 views

Sql injection

DISPUTED FreePBX 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... or run shell scripts ... once ... logged in to the...

CVSS 6.5, AI score 7.3, EPSS 0.02241
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2018/01/29 8:29 p.m., 4 views

CVE-2018-6393

FreePBX 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... or run shell scripts ... once ... logged in to the...

CVSS 7.2, AI score 7.8
Exploits: 0, References: 3
Cvelist
added 2018/01/29 8:0 p.m., 14 views

CVE-2018-6393

FreePBX 10.13.66-32bit and 14.0.1.24 SNG7-PBX-64bit-1712-2 allow post-authentication SQL injection via the order parameter. NOTE: the vendor disputes this issue because it is intentional that a user can "directly modify SQL tables ... or run shell scripts ... once ... logged in to the...

AI score 7.4, EPSS 0.02241
Exploits: 1, References: 3
Palo Alto Networks
added 2017/12/06 12:15 a.m., 579 views

Command Injection in PAN-OS

A vulnerability exists in the PAN-OS web interface packet capture management that could allow an authenticated user to inject arbitrary commands. Ref PAN-81892 / CVE-2017-15940. PAN-OS contains a vulnerability that may allow for post authentication command injection. This issue affects PAN-OS 6.1.1...

AI score 1.2, EPSS 0.0493
Exploits: 0, References: 1, Affected Software: 1
exploitpack
added 2017/11/07 12:0 a.m., 8 views

ManageEngine Applications Manager 13 - SQL Injection

ManageEngine Applications Manager version 13 suffers from multiple post-authentication SQL injection vulnerabilities. Proof of Concept 1 name= parameter is susceptible: POST /manageApplications.do?method=insert HTTP/1.1 Host: 192.168.1.190:9090...

AI score 0.4
Exploits: 0
Exploit DB
added 2017/11/07 12:0 a.m., 79 views

pfSense 2.3.1_1 - Command Execution

Exploit Title: pfSense User Manager--Groups in the handling of the members parameter. This allows an authenticated WebGUI user with privileges for systemgroupmanager.php to execute commands in the context of the root user. 2. Proof of Concept 'ifconfig/usr/local/www/ifconfig.txt'...

AI score 7.4
Exploits: 0
Exploit DB
added 2017/11/07 12:0 a.m., 59 views

ManageEngine Applications Manager 13 - SQL Injection

ManageEngine Applications Manager version 13 suffers from multiple post-authentication SQL injection vulnerabilities. Proof of Concept 1 name= parameter is susceptible: POST /manageApplications.do?method=insert HTTP/1.1 Host: 192.168.1.190:9090 User-Agent: Mozilla/5.0 Windows NT 10.0; WOW64;...

AI score 7.4
Exploits: 0
OSV
added 2017/11/05 5:29 p.m., 3 views

CVE-2017-16542

Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request...

CVSS 8.8, AI score 5.8, EPSS 0.05487
Exploits: 3, References: 3
Prion
added 2017/11/05 5:29 p.m., 14 views

Sql injection

Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request...

CVSS 6.5, AI score 9, EPSS 0.05487
Exploits: 3, References: 3, Affected Software: 1
NVD
added 2017/11/05 5:29 p.m., 25 views

CVE-2017-16542

Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request...

CVSS 8.8, AI score 9.1, EPSS 0.05487
Exploits: 3, References: 3
CVE
added 2017/11/05 5:0 p.m., 47 views

CVE-2017-16542

CVE-2017-16542 affects Zoho ManageEngine Applications Manager 13 prior to build 13500. The vulnerability is a post-authentication SQL injection via the name parameter in the manageApplications.do?method=insert endpoint. PoCs show a POST request to /manageApplications.do?method=insert can inject S...

CVSS 8.8, AI score 9.3, EPSS 0.05487
Exploits: 3, References: 3, Affected Software: 1
Cvelist
added 2017/11/05 5:0 p.m., 25 views

CVE-2017-16542

Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request...

AI score 9.5, EPSS 0.05487
Exploits: 3, References: 3
exploitpack
added 2017/09/29 12:0 a.m., 85 views

FileRun 2017.09.18 - SQL Injection

FileRun 2017.09.18 - SQL Injection !/usr/bin/env python Exploit Title: FileRun =2017.09.18 Date: September 29, 2017 Exploit Author: SPARC Vendor Homepage: https://www.filerun.com/ Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t Version:...

CVSS 7.5, AI score 0.2, EPSS 0.02624
Exploits: 5
Citrix
added 2017/09/26 12:0 a.m., 8 views

How to Remove the "Skip Check" Option from Post-Authentication and nfactor EPA Scans

This article describes how to remove the "Skip Check" option from EPA.HTML on post-authentication NetScaler Gateway EPA scan. The solution in this article is meant for X1, Default, GreenBubble and RfWebUI portal themes...

AI score 7.1
Exploits: 0