ZeroShell 2.0 RC3 Command Injection / Cross Site Scripting
ZeroShell version 2.0 RC3 suffers from command injection and cross site scripting vulnerabilities. ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- ZeroShell 2.0 RC3 ------------------------- Affected vendors: ------------------------...
ZeroShell 2.0 RC3 Command Injection / Cross Site Scripting
----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- ZeroShell 2.0 RC3 ------------------------- Affected vendors: ------------------------- ZeroShell http://www.zeroshell.org/download/ ------------------------- Product description:...
ZeroShell Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ZeroShell Remote...
ZeroShell Remote Code Execution Vulnerability
This Metasploit module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" url. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext...
ZeroShell cgi-bin/kerbynet - Local File Disclosure
ZeroShell cgi-bin/kerbynet - Local File Disclosure Introduction to the PoC : ====================================================================== In this distribution, the management website is a binary file named "kerbynet" interpreted in cgi-bin directory here :...
ZeroShell Remote Code Execution
This module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" url. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext. The...
ZeroShell 2.0RC2 File Disclosure / Command Execution Vulnerability - Active Check
ZeroShell is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
ZeroShell 2.0RC2 File Disclosure / Command Execution
Exploit Title: ZeroShell = 2.0RC2 Local file disclosure and Remote Command Execution Date: 13/08/2013 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.zeroshell.org - www.zeroshell.org/download/ Version: 2.0RC2 Category: Local File disclosure and Remote Command Execution Google...
CVE-2009-0545
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action...
Deserialization of untrusted data
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action...
CVE-2009-0545
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action...
CVE-2009-0545
ZeroShell
CVE-2009-0545 — ZeroShell Remote Code Execution
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. Recent assessments: hrbrmstr at September 10, 2020 2:42pm UTC reported: MSF module — Assessed Attacker Value: 5...
ZeroShell <= 1.0beta11 Remote Code Execution Vulnerability
No description provided by source. ==================================================== ZeroShell <= 1.0beta11 Remote Code Execution Original Advisory: http://www.ikkisoft.com/stuff/LC-2009-01.txt luca.carettoniatikkisoftdotcom ==================================================== ZeroShell...
ZeroShell unauthorized access
Command execution through web interface...
ZeroShell <= 1.0beta11 Remote Code Execution
======================================================================== ZeroShell <= 1.0beta11 Remote Code Execution ======================================================================== Affected Software: ZeroShell <= 1.0beta11 Severity: High Local/Remote: Remote Author: Luca Carettoni -...
ZeroShell Code Execution
======================================================================== ZeroShell /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=user The parameter "type" is used to distinguish between users, CA and host certificates. Unfortunately, this parameter is passed to the following code wi...
ZeroShell <= 1.0beta11 Remote Code Execution Vulnerability
Exploit for hardware platform in category remote exploits ========================================================== ZeroShell ;%22 In addition to the Unix commands, it is possible to abuse the ZeroShell scripts themselves. For instance it is likely to use the "getkey" script in order to retrieve...
ZeroShell 1.0beta11 - Remote Code Execution
ZeroShell 1.0beta11 - Remote Code Execution ==================================================== ZeroShell ;%22 In addition to the Unix commands, it is possible to abuse the ZeroShell scripts themselves. For instance it is likely to use the "getkey" script in order to retrieve remote files, includi...
ZeroShell 1.0beta11 - Remote Code Execution
==================================================== ZeroShell ;%22 In addition to the Unix commands, it is possible to abuse the ZeroShell scripts themselves. For instance it is likely to use the "getkey" script in order to retrieve remote files, including the content in the html page. HTTP REQUES...