2169 matches found

Packet Storm
added 2017/06/29 12:0 a.m. · 420 views

Apache ActiveMQ 5.x Web Shell Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ActiveMQ web shell upload', 'Description' = %q The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to uplo...

CVSS 7.5 · AI score 9.8 · EPSS 0.94281
Exploits: 19

CNVD
added 2017/06/07 12:0 a.m. · 1 view

Fastspot BigTree CMS Arbitrary Code Execution Vulnerability

Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL, from the US company Fastspot. An arbitrary code execution vulnerability exists in Fastspot BigTree CMS 4.2.18 and earlier versions. The vulnerability can be exploited by a remote attacker to execute...

CVSS 8.8 · AI score 8.2 · EPSS 0.02114
Exploits: 1 · References: 1

Metasploit
added 2017/06/06 6:33 p.m. · 187 views

ActiveMQ web shell upload

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.8 · AI score 10 · EPSS 0.94281
Exploits: 19

OSV
added 2017/06/05 7:29 p.m. · 2 views

CVE-2017-9442

BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...

CVSS 8.8 · AI score 8.8
Exploits: 0 · References: 1

NVD
added 2017/06/05 7:29 p.m. · 10 views

CVE-2017-9442

BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...

CVSS 8.8 · AI score 8.8 · EPSS 0.02114
Exploits: 1 · References: 1

Prion
added 2017/06/05 7:29 p.m. · 17 views

Design/Logic Flaw

DISPUTED BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...

CVSS 6.5 · AI score 8 · EPSS 0.02114
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2017/06/05 7:0 p.m. · 43 views

CVE-2017-9442

BigTree CMS (versions up to 4.2.18) is affected by CVE-2017-9442. Remote authenticated users can execute arbitrary code by uploading a crafted package containing a PHP web shell, via ZIP extraction to file name patterns under cache/package/xxx/yyy.php. The issue exists in core/admin/modules/devel...

CVSS 8.8 · AI score 8.7 · EPSS 0.02114
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2017/06/05 7:0 p.m. · 19 views

CVE-2017-9442

BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...

AI score 8.8 · EPSS 0.02114
Exploits: 1 · References: 1

Positive Technologies
added 2017/06/05 12:0 a.m. · 2 views

PT-2017-18924 · Bigtree · Bigtree Cms

Name of the Vulnerable Software and Affected Versions: BigTree CMS versions 4.2.18 and earlier Description: The issue allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell. This is related to the extraction of a ZIP archive to filena...

CVSS 8.8 · AI score 9 · EPSS 0.02114
Exploits: 1 · References: 5

Packet Storm
added 2017/05/28 12:0 a.m. · 143 views

Concrete5 Proof Of Concept Shell Upload

c@kali:/src/napalm2.2/modules$ cat shell-concrete5.py !/usr/bin/env python shell-concrete5.py - module based on previous version created 29.04.2017. Bug 'feature' is exploitable only when you will have a valid credentials. import sys import re import requests target = rawinput"+ Hostname " logMe ...

AI score 7.4
Exploits: 0

Prion
added 2017/05/16 5:29 p.m. · 17 views

Command injection

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side fro...

CVSS 10 · AI score 9.7 · EPSS 0.3236
Exploits: 1 · References: 1

NVD
added 2017/05/16 5:29 p.m. · 13 views

CVE-2017-6079

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side fro...

CVSS 10 · AI score 9.8 · EPSS 0.3236
Exploits: 1 · References: 1

Tenable Nessus
added 2017/03/31 12:0 a.m. · 5 views

Backdoor Detection

The scanner was able to determine that a possible web backdoor or web shell exists on the remote web server by utilizing the same methods as cyber-criminals. If a server has been previously compromised, there is a high probability that the cyber-criminal has installed a backdoor so that they can...

AI score 7.3
Exploits: 0 · References: 1

Exploit DB
added 2017/03/23 12:0 a.m. · 149 views

A Red Teamer’s guide to pivoting

Penetration testers often traverse logical network boundaries in order to gain access to client’s critical infrastructure. Common scenarios include developing the attack into the internal network after successful perimeter breach o...

CVSS 7.8 · AI score 8 · EPSS 0.20809
Exploits: 8

exploitpack
added 2017/03/10 12:0 a.m. · 32 views

dnaLIMS DNA Sequencing - Directory Traversal Session Hijacking Cross-Site Scripting

Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017...

CVSS 10 · AI score 0.3 · EPSS 0.8373
Exploits: 16

Exploit DB
added 2017/03/10 12:0 a.m. · 59 views

dnaLIMS DNA Sequencing - Directory Traversal / Session Hijacking / Cross-Site Scripting

Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017 Vendor: dnaTools, Inc. CVE IDs: 2017-6526, 2017-6527, 2017-6528, 2017-6529 USCERT VU:...

CVSS 10 · AI score 8.1 · EPSS 0.8373
Exploits: 16

0day.today
added 2017/03/10 12:0 a.m. · 37 views

dnaLIMS Code Execution / XSS / Traversal / Session Hijacking Vulnerabilities

dnaLIMS DNA sequencing application suffers from an improperly protected web shell, a directory traversal, insecure password storage, session hijacking, cross site scripting, and improperly protected content vulnerabilities. Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing...

CVSS 10 · AI score 8.3 · EPSS 0.8373
Exploits: 16

NVD
added 2017/03/09 7:59 p.m. · 10 views

CVE-2017-6526

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell cgi-bin/dna/sysAdmin.cgi POST requests...

CVSS 10 · AI score 9.7 · EPSS 0.8373
Exploits: 9 · References: 3

Prion
added 2017/03/09 7:59 p.m. · 9 views

Command injection

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell cgi-bin/dna/sysAdmin.cgi POST requests...

CVSS 10 · AI score 9.6 · EPSS 0.8373
Exploits: 9 · References: 3 · Affected Software: 1

Cvelist
added 2017/03/09 7:0 p.m. · 12 views

CVE-2017-6526

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell cgi-bin/dna/sysAdmin.cgi POST requests...

AI score 9.7 · EPSS 0.8373
Exploits: 9 · References: 3