2169 matches found
File Sharing Manager 1.0 iOS - Multiple Web Vulnerabilities
Document Title: =============== File Sharing Manager 1.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1715 Release Date: ============= 2016-02-09 Vulnerability Laboratory ID VL-ID: ===================================...
File Manager PRO 1.3 Local File Inclusion / File Upload
Document Title: =============== File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1704 Release Date: ============= 2016-02-03 Vulnerability Laboratory ID VL-ID: ====================================...
Remote Code Execution in Exponent
High-Tech Bridge Security Research Lab discovered critical vulnerability in Exponent CMS, which can be exploited to inject and execute arbitrary PHP code on the vulnerable system with the privileges of the web server. The vulnerability resides within "/install/index.php" script, when handling...
ZTE SOHO ROUTERWEB_SHELL_CMD.GCH 远程命令执行漏洞
漏洞概要 2014 年 3 月 3 日,Rapid7 团队发布了中兴 F460 / F660 后门信息1,任何可以访问设备的用户都可以直接访问一个命令执行的 Web 界面,以 root 权限执行任意命令。 上述设备在中国境内被广泛应用,俗称“电信光猫”。 漏洞描述 ZTE 生产的 SOHO Router 的一些型号中,Web 根目录(/home/httpd )下存在 /webshellcmd.gch 文件,没有任何访问控制,可以直接执行任意系统命令。 以下几点值得注意: Rapid7 于 2014 年 3 月 3 日公布此漏洞,但是根据搜索结果,此问题早在 2012...
Chinese Caidao Backdoor Bruteforce
This module attempts to bruteforce chinese caidao asp/php/aspx backdoor. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...
Backshell Web Shell Cross Site Request Forgery
================================================================================ Backshell Web Shell - CSRF Command Injection ================================================================================ Vendor Homepage: https://github.com/neitanod/backshell Date: 25/12/2015 Software Link:...
b374k 3.2.32.8 (Web Shell) - Cross-Site Request Forgery Command Injection
b374k 3.2.32.8 Web Shell - Cross-Site Request Forgery Command Injection + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-B374K-CSRF-CMD-INJECTION.txt Vendor: ============================================ github.com/b374k/b374k...
b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-B374K-CSRF-CMD-INJECTION.txt Vendor: ============================================ github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list...
OWASP Mth3l3m3nt Framework
OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. Mth3l3m3nt provides the ability to create or do custom LFI and RFI exploits fast with little or no effort at all. It also enables you to store all your quick wins based on its ability to manage HTTP bots,...
China Chopper Caidao PHP Backdoor Code Execution
This module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'China Chopper Caidao PHP Backdoor Code...
Weevely3 - Weaponized Web Shell
Weevely is a command line web shell dynamically extended over the network at runtime designed for remote administration and pen testing. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted environments. The low footprint agent and over 30...
Stealthy PHP Web Shell Backdoor: Weevely
Stealthy PHP Web Shell Backdoor Weevely is a command line web shell dinamically extended over the network at runtime used for administration and pen testing of remote web accesses. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted...
ZTE SOHO ROUTER WEB_SHELL_CMD.GCH 远程命令执行
1、漏洞概要2014 年 3 月 3 日,Rapid7 团队发布了中兴 F460 / F660 后门信息1,任何可以访问设备的用户都可以直接访问一个命令执行的 Web 界面,以 root 权限执行任意命令。上述设备在中国境内被广泛应用,俗称“电信光猫”。2.1漏洞描述ZTE 生产的 SOHO Router 的一些型号中,Web 根目录(/home/httpd )下存在 /webshellcmd.gch 文件,没有任何访问控制,可以直接执行任意系统命令。以下几点值得注意:Rapid7 于 2014 年 3 月 3 日公布此漏洞,但是根据搜索结果,此问题早在 2012...
PHP Web Shells Malicious Known Variables
There are known Variables of an attempt to upload a web shell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...
ArcSight Logger - Arbitrary File Upload Code Execution
ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...
Seagate Business NAS 2014.00319 - Remote Code Execution
!/usr/bin/env python Seagape ======= Seagate Business NAS pre-authentication remote code execution exploit as root user. by OJ Reeves @TheColonial - for full details please see https://beyondbinary.io/advisory/seagate-nas-rce/ Usage ===== seagape.py -c ua - ip : ip or host name of the target NAS ...
IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution Vulnerability
Exploit for jsp platform in category web applications Exploit Title: IBM Tivoli Service Automation Manager Remote Code Execution Date: 12\12\2014 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.ibm.com/ Version: All versions of IBM Tivoli Service Automation Manager up to 7.2.4 VU/CV...
DAws - Advanced Web Shell (Windows/Linux)
There's multiple things that makes DAws better than every Web Shell out there: 1. Bypasses Disablers; DAws isn't just about using a particular function to get the job done, it uses up to 6 functions if needed, for example, if shellexec was disabled it would automatically use exec or passthru or...
PHP Web Shell Generic Backdoor (CVE-2020-24186)
An attacker might upload a web shell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...
IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution
Exploit Title: IBM Tivoli Service Automation Manager Remote Code Execution Date: 12\12\2014 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.ibm.com/ Version: All versions of IBM Tivoli Service Automation Manager up to 7.2.4 VU/CVE: VU782708, CVE-2015-0104 1. Create report 2. Browse...