Lucene search

1216 matches found

Tenable Nessus
added 2015/07/27 12:0 a.m. | 64 views

Accellion Secure File Transfer Appliance 'oauth_token' Parameter Remote Command Execution

The remote Accellion Secure File Transfer Appliance is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input to the 'oauth_token' parameter in the getoauthcustomername and verifyoauthtoken functions. The parameter is passed to a system command...

CVSS 9.8 | AI score 8.7 | EPSS 0.84178
Exploits: 12 | References: 2

Packet Storm
added 2015/07/17 12:0 a.m. | 55 views

Impero Education Pro Remote Command Execution

/ If you're unsure what Impero is, it's essentially a corporate/educational RAT. Vendor site: https://www.imperosoftware.co.uk/ They recently were in the news about how they implemented "anti-radicalisation" shit or something. They had a booth at BETT back in January. They gave out donuts. Those...

AI score 0.2
Exploits: 0

CNVD
added 2015/07/05 12:0 a.m. | 1 view

Tianrongxin NGFW4000 Command Execution Vulnerability

The TENAA NGFW4000 is a large enterprise-class firewall. A security vulnerability exists in Tianrongxin NGFW4000, which allows an attacker to exploit this vulnerability to execute system commands...

AI score 7.1
Exploits: 0

Kitploit
added 2015/06/17 10:23 p.m. | 21 views

Gcat - A stealthy Backdoor that uses Gmail as a command and control server

A stealthy Python based backdoor that uses Gmail as a command and control server. Setup For this to work you need: A Gmail account Use a dedicated account! Do not use your personal one! Turn on "Allow less secure apps" under the security settings of the account This repo contains two files: gcat....

AI score 8.1
Exploits: 0 | References: 2

Exploit DB
added 2015/06/11 12:0 a.m. | 39 views

OSSEC 2.7 < 2.8.1 - 'diff' Local Privilege Escalation

Fix for CVE-2015-3222 which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2 Affected versions: 2.7 - 2.8.1 Beginning in OSSEC 2.7 (d88cf1c9) a feature was added to syscheck, which is the daemon that monitors file changes on a system, called...

CVSS 7 | AI score 7 | EPSS 0.01991
Exploits: 4

seebug.org
added 2015/05/20 12:0 a.m. | 39 views

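JDWP Code Execution Vulnerability

JPDA (Java Platform Debugger Architecture) is the abbreviation for the Java platform debugging architecture. Through the APIs that JPDA provides, developers can build Java debugging applications conveniently and flexibly. JPDA consists of three main parts: the Java Virtual Machine Tool Interface (JVMTI), the Java Debug Wire Protocol (JDWP), and the Java Debug Interface (JDI). The JDWP protocol supports remote debugging; when this interface is accessible without authorization, Java code can be executed, resulting in code execution and server privileges being obtained. The server listens on port 80 and logs the access: Using jdwp-shellifier to execute a system command: python jdwp-shellifier.py -t...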

AI score 7.1
Exploits: 0

OpenVAS
added 2015/04/27 12:0 a.m. | 15 views

WebUI RCE Vulnerability

WebUI is prone to a remote command execution (RCE) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.6
Exploits: 0 | References: 1

0day.today
added 2015/03/20 12:0 a.m. | 33 views

Codiad 2.5.3 - LFI Vulnerability

Exploit for php platform in category web applications +Title: Codiad v2.5.3 - LFI Vulnerability +Author: TUNISIAN CYBER +Date: 12/03/2015 +Type:WebApp +Risk:High +Overview: Pie Register 2.x suffers, from a Local File Disclosure vulnerability. +Proof Of Concept: PHP...

AI score 7.1
Exploits: 0

Packet Storm
added 2015/03/13 12:0 a.m. | 167 views

Codiad 2.5.3 Local File Inclusion

+Title: Codiad v2.5.3 - LFI Vulnerability +Author: TUNISIAN CYBER +Date: 12/03/2015 +Type:WebApp +Risk:High +Overview: Pie Register 2.x suffers, from a Local File Disclosure vulnerability. +Proof Of Concept: PHP ////////////////////////////////////////////////////////////////// // Run Download...

AI score 7.4
Exploits: 0

seebug.org
added 2015/03/11 12:0 a.m. | 19 views

phpMoAdmin 1.1.3 /moadmin.php Code Execution Vulnerability

/moadmin.php /** Saves an object @param string $collection @param string $obj @return array */ public function saveObject($collection, $obj) { eval('$obj=' . $obj . ';'); //cast from string to array return $this->mongo->selectCollection($collection)->save($obj); …. $action = isset($_GET['action']) ? $_GET['action'] :...

AI score 6.9
Exploits: 0

Symantec
added 2014/12/16 8:0 a.m. | 25 views

Symantec Web Gateway OS Authenticated Command Injection

SUMMARY Symantec's Web Gateway (SWG) Appliance management console is susceptible to operating system command injection by an authenticated but less-privileged user. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Web Gateway Appliance | 5.2.1 and prior | Symantec Web Gateway 5.2...

CVSS 6.5 | AI score 0.4 | EPSS 0.50324
Exploits: 6 | Affected Software: 1

OSV
added 2014/11/24 3:59 p.m. | 6 views

CVE-2014-8417

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system...

AI score 7.3
Exploits: 0 | References: 1

Vulnerability Lab
added 2014/09/11 12:0 a.m. | 27 views

Briefcase 4.0 iOS - Code Exec & File Include Vulnerability

Document Title: =============== Briefcase 4.0 iOS - Code Exec & File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1319 Release Date: ============= 2014-09-11 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.6
Exploits: 0

exploitpack
added 2014/08/09 12:0 a.m. | 16 views

Easy FTP Pro 4.2 iOS - Command Injection

Easy FTP Pro 4.2 iOS - Command Injection Document Title: =============== Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1291 Release Date: ============= 2014-08-06 Vulnerability Laboratory ID VL-ID:...

AI score 0.5
Exploits: 0

exploitpack
added 2014/08/02 12:0 a.m. | 20 views

ISPConfig 3.0.54p1 - (Authenticated) Admin Privilege Escalation

ISPConfig 3.0.54p1 - Authenticated Admin Privilege Escalation Exploit Title: ISPConfig 3 authenticated admin Localroot vulnerability Date: 7/25/14 Exploit Author: mra Vendor Homepage: http://wwwispconfig.org Version: 3.0.54p1 Tested on: ubuntu, centos irc.criten.net elite-chat While logged in as...

AI score 1.3
Exploits: 0

myhack58
added 2014/07/24 12:0 a.m. | 10 views

The Java Debugger exploits and fixes-vulnerability warning-the black bar safety net

0x0 Foreword Recently found an interesting vulnerability-JAVA open the Debugger mode can execute arbitrary system commands. Need certain Use Conditions, you have to be open to debug the process of setting up a breakpoint, and then use this breakpoint to execute the command of the operation. 0x1...

AI score 0.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

jaf cms 4.0 rc2 - Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22665 Reference: http://www.htbridge.ch/advisory/shellcreatecommandexecutioninjafcms.html Product: JAF CMS Vendor: JAF CMS http://jaf-cms.sourceforge.net/ Vulnerable Version: 4.0 RC2 Vendor Notification: 21 October 2010 Vulnerability Type:...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Microsoft IIS 4.0/5.0 Executable File Parsing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a specially formed...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 23 views

SmarterStats 6.0 - Multiple Vulnerabilities

No description provided by source. Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Feixun Wireless Router FWR-604H - Remote Code Execution Exploit

No description provided by source. Exploit Title: Feixun FWR-604H Wireless Router Remote Code Execution Date: 2014-01-09 Exploit Author: Arash Abedian http://www.exploit-db.com/author/?a=6187 Vendor Homepage: http://feixun.com.cn Version: Hardware Version...

AI score 7.1
Exploits: 0