475 matches found
Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access
Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access Attack vector:...
Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access
Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis November 2017 PoC: https://github.com/mcw0/PoC Python...
CVE-2014-5334
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login...
Design/Logic Flaw
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login...
CVE-2014-5334
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login...
Electric Sheep Fencing pfsense clickjacking vulnerability
Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A clickjacking vulnerability exists in the cross-site request forgery error page of the /usr/local/www/csrf/csrf-magic.php file of the WebGUI in versions prior to...
pfSense 2.4.1 - Cross-Site Request Forgery Error Page Clickjacking (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module exploits a Clickjacking vulnerability in pfSense 'Yorick...
pfSense 2.4.1 CSRF Error Page Clickjacking
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module exploits a Clickjacking vulnerability in pfSense 'Yorick...
pfSense 2.3.1_1 - Command Execution
pfSense 2.3.1_1 - Command Execution Exploit Title: pfSense User Manager--Groups in the handling of the members parameter. This allows an authenticated WebGUI user with privileges for systemgroupmanager.php to execute commands in the context of the root user. 2. Proof of Concept...
pfSense 2.3.1_1 Post-Authentication Command Execution
Exploit Title: pfSense User Manager--Groups in the handling of the members parameter. This allows an authenticated WebGUI user with privileges for systemgroupmanager.php to execute commands in the context of the root user. 2. Proof of Concept 'ifconfig/usr/local/www/ifconfig.txt'...
pfSense 2.3.1_1 - Command Execution
Exploit Title: pfSense User Manager--Groups in the handling of the members parameter. This allows an authenticated WebGUI user with privileges for systemgroupmanager.php to execute commands in the context of the root user. 2. Proof of Concept 'ifconfig/usr/local/www/ifconfig.txt'...
GitHub Enterprise WebGUI / Management Console Detection (HTTP)
HTTP based detection of the GitHub Enterprise WebGUI or Management Console. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-9832
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report...
pfSense 2.2.5 - Directory Traversal
pfSense 2.2.5 - Directory Traversal Title : PFSense 12 1 LFI example Lfi example on step1submitphpaction; /etc/passwd /pfsensewi...
PFSense 2.2.5 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Title : PFSense 12 1 LFI example Lfi example on step1submitphpaction;/stepsubmitphpa...
PFSense 2.2.5 Directory Traversal
Title : PFSense 12 1 LFI example Lfi example on step1submitphpaction; /etc/passwd...
pfSense 2.2.5 - Directory Traversal
Title : PFSense 12 1 LFI example Lfi example on step1submitphpaction; /etc/passwd /pf...
pfSense WebGUI Zone Parameter Cross-Site Scripting (CVE-2015-4029)
A cross-site scripting vulnerability has been reported in pfSense. The vulnerability is due to servicescaptiveportalzones.php not validating the zone parameter when the act parameter is set to del. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted lin...
Electric Sheep Fencing Pfsense WebGUI Cross-Site Scripting Vulnerability
Electric Sheep Fencing pfsense is a free and open source FreeBSD-based firewall and router software from Electric Sheep Fencing. A cross-site scripting vulnerability exists in the WebGUI of Electric Sheep Fencing pfSense versions prior to 2.2.3, which stems from the servicescaptiveportalzones.php...
CVE-2015-4308
The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968...