Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell

Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing...

CVE-2014-2321

webshellcmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials...

Design/Logic Flaw

webshellcmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials...

ZTE F460/F660 cable modems contain an unauthenticated backdoor

Overview ZTE F460/F660 cable modems contain an unauthenticated backdoor. Description ZTE F460/F660 cable modems contain an unauthenticated backdoor. The webshellcmd.gch script accepts unauthenticated commands that have administrative access to the device. It has been reported that the...

[Weevely v1.1] Stealth tiny PHP web shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation , and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox...

Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities

Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities Document Title: =============== Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1160 Release Date: ============= 2013-12-03 Vulnerability...

Dolibarr ERP/CMS 3.4.0 SQL Injection

Exploit Title: Dolibarr 3.4.0 SQLi Date: 10/7/2013 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2013/10/dolibarr-340-multiple-vulnerabilities.html Vendor homepage: http://www.dolibarr.org/ Software link: Version: 3.4.0 Fixed in: 3.4.1 Tested on: Ubuntu 12.04...

Dolibarr ERP/CMS 3.4.0 (exportcsv.php, sondage param) - SQL Injection

Exploit for php platform in category web applications Exploit Title: Dolibarr 3.4.0 SQLi Date: 10/7/2013 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2013/10/dolibarr-340-multiple-vulnerabilities.html Vendor homepage: http://www.dolibarr.org/ Software link:...

Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection

Exploit Title: Dolibarr 3.4.0 SQLi Date: 10/7/2013 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2013/10/dolibarr-340-multiple-vulnerabilities.html Vendor homepage: http://www.dolibarr.org/ Software link: Version: 3.4.0 Fixed in: 3.4.1 Tested on: Ubuntu 12.04...

Dolibarr ERPCRM 3.4.0 - exportcsv.php?sondage SQL Injection

Dolibarr ERPCRM 3.4.0 - exportcsv.php?sondage SQL Injection Exploit Title: Dolibarr 3.4.0 SQLi Date: 10/7/2013 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2013/10/dolibarr-340-multiple-vulnerabilities.html Vendor homepage: http://www.dolibarr.org/ Software link:...

Bitbot (C2 Web Panel) - 'gate2.php' Multiple Vulnerabilities

Exploit Title: Bitbot C2 Panel gate2.php SQLi + XSS Date: 08/19/2013 Exploit Author: Brian Wallace bwall aka @botnethunter Software Link: https://sourceforge.net/p/flippingbitbot/wiki/Home/ Vulnerable Virtual Machine including Bitbot Tested on: Debian/Ubuntu from StringIO import StringIO import...

Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability

Title: ====== Flux Player v3.1.0 iOS - File Include & Arbitrary File Upload Vulnerability Date: ===== 2013-07-16 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1013 VL-ID: ===== 1013 Common Vulnerability Scoring System: ==================================== 7.5...

Collabtive 1.0 - manageuser.php SQL Injection

Collabtive 1.0 - manageuser.php SQL Injection Exploit Title: Collabtive 1.0 SQLi Date: 06/17/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/collabtive-10-sqli.html Vendor homepage: http://collabtive.o-dyn.de/ Software link:...

Collabtive 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Collabtive 1.0 SQLi Date: 06/17/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/collabtive-10-sqli.html Vendor homepage: http://collabtive.o-dyn.de/ Software link:...

Collabtive 1.0 - 'manageuser.php' SQL Injection

Exploit Title: Collabtive 1.0 SQLi Date: 06/17/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/collabtive-10-sqli.html Vendor homepage: http://collabtive.o-dyn.de/ Software link:...

PHD Help Desk 2.12 SQL Injection

Exploit Title: PHD Help Desk 2.12 SQLi Date: 05/24/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/phd-help-desk-212-sqli-and-xss.html Vendor Homepage: http://www.p-hd.com.ar/ Software Link:...

PHD Help Desk 2.12 - SQL Injection

Exploit Title: PHD Help Desk 2.12 SQLi Date: 05/24/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/phd-help-desk-212-sqli-and-xss.html Vendor Homepage: http://www.p-hd.com.ar/ Software Link:...

PHD Help Desk 2.12 - SQL Injection Vulnerability

Exploit for php platform in category web applications from argparse import ArgumentParser import string import random import urllib, urllib2 import sys def runoptions: print '! Dropping web shell on %s...'%options.ip shell = ''.joinrandom.choicestring.asciilowercase+string.digits for x in range5...

Kimai 0.9.2.1306-3 SQL Injection Vulnerability

Kimai version 0.9.2.1306-3 suffers from a remote SQL injection vulnerability. Exploit Title: Kimai 0.9.2.1306-3 SQLi Date: 05/20/2013 Exploit Author: drone @dronesec Vendor Homepage: http://www.kimai.org/ Software Link: https://downloads.sourceforge.net/project/kimai/0.9.x/kimai.0.9.2.1306-3.zip...

Kimai 0.9.2.1306-3 SQL Injection

Exploit Title: Kimai 0.9.2.1306-3 SQLi Date: 05/20/2013 Exploit Author: drone @dronesec Vendor Homepage: http://www.kimai.org/ Software Link: https://downloads.sourceforge.net/project/kimai/0.9.x/kimai.0.9.2.1306-3.zip Version: 0.9.2.1306-3 Fixed in: source repositories...