
380 matches found

OPENSUSE Linux
added 2016/12/08 6:9 p.m., 56 views

Security update for GraphicsMagick (important)

This update for GraphicsMagick fixes the following issues:
- A possible shell execution attack was fixed: if the first character of an input filename for 'convert' was a '|', then the remainder of the filename was passed to the shell (CVE-2016-5118, boo982178)
- Maliciously crafted pnm files could...

CVSS: 10, AI score: 1, EPSS: 0.37736
Exploits: 1, References: 31
OpenVAS
added 2016/08/17 12:0 a.m., 18 views

FreePBX RCE Vulnerability (Aug 2016) - Active Check

A remote command execution (RCE) vulnerability that results in privilege escalation exists in FreePBX 13 and FreePBX 14 with Recordings SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

AI score: 7.8
Exploits: 0, References: 2
CNVD
added 2016/06/14 12:0 a.m., 1 views

Huawei WS851 Stack Buffer Overflow Vulnerability

The Huawei WS851 is a wireless router product from Huawei China. A security vulnerability exists in the Huawei WS851 prior to version 1.1.21.1, which stems from the program failing to check parameters. The vulnerability can be exploited to trigger a stack overflow, remotely obtain root privileges...

CVSS: 10, AI score: 7, EPSS: 0.01691
Exploits: 0, References: 1
Hacker One
added 2016/05/30 3:56 a.m., 154 views

Pornhub: [phpobject in cookie] Remote shell/command execution

The researcher was able to exploit a vulnerable deserialization function in PHP leading to remote shell on a production server...

AI score: 3.7
Exploits: 0
Packet Storm
added 2016/03/31 12:0 a.m., 41 views

Apache Jetspeed Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...

CVSS: 9, AI score: 7.8, EPSS: 0.78028
Exploits: 7
0day.today
added 2016/03/31 12:0 a.m., 47 views

Apache Jetspeed - Arbitrary File Upload (Metasploit)

Exploit for java platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecure...

CVSS: 9, AI score: 7.8, EPSS: 0.78028
Exploits: 7
Metasploit
added 2016/03/24 12:22 a.m., 50 views

Apache Jetspeed Arbitrary File Upload

This module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, version 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file...

CVSS: 8.8, AI score: 7.8, EPSS: 0.78028
Exploits: 7
Hacker One
added 2016/02/15 3:52 p.m., 13 views

Legal Robot: Remote Code Execution (upload)

Any file upload was accepted without filter, which led to RCE vulnerability. It was difficult to find the path tho :P Strange thing : The shell was executing on firefox only :P , it displayed plain text when opened in chrome...

AI score: 1.1
Exploits: 0
seebug.org
added 2015/10/26 12:0 a.m., 29 views

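eyou server misconfiguration (risk of getshell)

Brief description: An eyou server is misconfigured, which exposes it to a getshell risk. Details: When the absolute web path of mail.you.net is known, redis can be used to write a file and get a shell. Proof of vulnerability:...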

AI score: 7.1
Exploits: 0
Zero Day Initiative
added 2015/10/13 12:0 a.m., 20 views

Microsoft Internet Explorer EditWith Sandbox Escape Vulnerability

This vulnerability allows remote attackers to escape the Application Container and execute code in the context of the logged-in user on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...

CVSS: 6.9, AI score: 8.2, EPSS: 0.11005
Exploits: 0, References: 1
Friends Of PHP
added 2014/10/22 9:14 a.m., 6 views

Arbitrary Shell Execution in Swiftmailer library

More info at https://typo3.org/security/advisory/typo3-core-sa-2014-002...

AI score: 7.2
Exploits: 0, Affected Software: 1
Typo3
added 2014/10/22 12:0 a.m., 137 views

Multiple Vulnerabilities in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Denial of Service and Arbitrary Shell Execution! Component Type: TYPO3 CMS Vulnerability Types: Denial of Service, Arbitrary Shell Execution Overall Severity: Medium Release Date: October 22, 2014 Vulnerable subcomponent: OpenID System...

CVSS: 7.5, AI score: 0.5, EPSS: 0.00881
Exploits: 1, Affected Software: 1
canvas
added 2014/10/21 2:55 p.m., 37 views

Immunity Canvas: CITRIX_NETSCALER_SOAP

Name | citrixnetscalersoap
---|---
CVE | CVE-2014-7140
Exploit Pack | CANVAS
Description | Citrix Netscaler 10.1 Soap exploit
Notes | FoundBy: Console Cowboys Notes: A vulnerability exists in the SOAP handler of the web interface. A SOAP request can be crafted to trigger a memory corruption flaw,...

CVSS: 7.5, AI score: 6.8, EPSS: 0.07705
Exploits: 1
securityvulns
added 2014/10/11 12:0 a.m., 35 views

HP Sprinter multiple security vulnerabilities

Multiple shell execution vulnerabilities...

CVSS: 7.5, AI score: 1.4, EPSS: 0.0484
Exploits: 0, References: 1, Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m., 19 views

sco/x86 execve("/bin/sh", ..., NULL); 43 bytes

No description provided by source. / minervini at neuralnoise dot com c 2005 SCOSV scosysv 3.2 5.0.7 i386, execve/bin/sh, ..., NULL; / include sys/types.h include stdio.h char scode = \x31\xc9 // xor %ecx,%ecx \x89\xe3 // mov %esp,%ebx \x68\xd0\x8c\x97\xff // push $0xff978cd0 \x68\xd0\x9d\x96\x91...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 21 views

Acritum Femitter Server 1.03 - Multiple Vulnerabilities

No description provided by source. --= Tested on: XP sp 2 Acritum Femitter Server v1.03 is an HTTP and FTP Server for Windows. I came up with a few vulnerabilities of this .. some vulns have already been revealed but some have not, so let's have a look HTTP Server ----------- In the Femitter Server...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

LibrettoCMS 2.2.2 - Arbitrary File Upload

No description provided by source. Exploit Title : LibrettoCMS 2.2.2 Malicious File Upload Date : 14 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://libretto.artwebonline.com/ Software Link :...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 36 views

WSN Links SQL Injection Vulnerability

No description provided by source. 'WSN Links' SQL Injection Vulnerability CVE-2010-4006 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the search.php code that allows for SQL injection of various parameters. By assemblin...

CVSS: 7.5, AI score: 6.5, EPSS: 0.01376
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m., 16 views

linux/x86-64 execve(/bin/sh) 52 bytes

No description provided by source. / Exploit Title : linux/x86-64 execve/bin/sh 52 bytes Tested on : Linux iron 2.6.38-8-generic 42-Ubuntu SMP Mon Apr 11 03:31:24 UTC 2011 x8664 x8664 x8664 GNU/Linux Date : 03/12/2011 Author : X-h4ck Email : [email protected] Website : http://www.pirate.al Greetz :...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

netbsd/x86 setreuid(0, 0); execve("/bin//sh", ..., NULL); 30 bytes

No description provided by source. / minervini at neuralnoise dot com c 2005 NetBSD/i386 2.0, setreuid0, 0; execve/bin//sh, ..., NULL; / include sys/types.h include stdio.h include string.h char scode = \x31\xc0 // xor %eax,%eax \x50 // push %eax \x50 // push %eax \x50 // push %eax \x34\x7e // xo...

AI score: 7.1
Exploits: 0