CVE-2018-0007

An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service...

OV3 Online Administration 3.0 Authenticated Code Execution

Summary With the decision to use the OV3 as a platform for your data management, the course is set for scalable, flexible and high-performance applications. Whether you use the OV3 for your internal data management or use it for commercial business applications such as shops, portals, etc. Thanks...

MetInfo 5.3.17 Authenticated Code Execution Vulnerability(CVE-2017-11347)

MetInfo 5.3.17 Authenticated Code Execution Vulnerability Technical Description: We can use the GPC data to register variables in admin/include/common.inc.php: php foreacharray'COOKIE', 'POST', 'GET' as $request foreach$$request as $key = $value $key0 != '' && $$key = daddslashes$value,0,0,1;...

CVE-2017-11347

Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...

CVE-2017-1274

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749...

VulnCheck KEV: CVE-2017-1274

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749...

Apache Tomcat Manager Application Deployer Authenticated Code Execution

No description provided by source. $Id: tomcatmgrdeploy.rb 11330 2010-12-14 17:26:44Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

Sun/Oracle GlassFish Server Authenticated Code Execution

No description provided by source. $Id: glassfishdeployer.rb 13485 2011-08-04 17:36:01Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

VMware Studio 2.x < 2.1 Multiple Vulnerabilities

The version of VMware Studio installed on the remote host is 2.x prior to 2.1. It is, therefore, potentially affected by multiple vulnerabilities : - An authenticated code execution vulnerability exists in the Virtual Appliance Management Infrastructure. CVE-2010-2667 - A local privilege escalati...

Sun/Oracle GlassFish Server Authenticated Code Execution

This module logs in to a GlassFish Server Open Source or Commercial using various methods such as authentication bypass, default credentials, or user-supplied login, and deploys a malicious war file in order to get remote code execution. It has been tested on Glassfish 2.x, 3.0, 4.0 and Sun Java...

Apache Tomcat Manager Application Deployer Authenticated Code Execution

This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is no...

Sun/Oracle GlassFish Server Authenticated Code Execution

$Id: glassfishdeployer.rb 13485 2011-08-04 17:36:01Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

ManageEngine Applications Manager Authenticated Code Execution

This module logs into the Manage Engine Applications Manager to upload a payload to the file system and a batch script that executes the payload. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

Papoo CMS 3.7.3 Authenticated Arbitrary Code Execution Vulnerability

No description provided by source. Advisory: Papoo CMS: Authenticated Arbitrary Code Execution The Papoo CMS allows authenticated users to upload GIF, JPG and PNG images if they have the "upload images" privilege, which is true for all default groups that can access the administrative interface...