984 matches found
MediaWiki Thumb.php Remote Command Execution Exploit
Exploit for multiple platform in category remote exploits require 'msf/core' class Metasploit3 'MediaWiki Thumb.php Remote Command Execution', 'Description' = %q MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows...
HP SiteScope issueSiebelCmd Remote Code Execution
This module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This module has been tested successfully on HP SiteScope...
Supermicro Onboard IPMI close_window.cgi Buffer Overflow Vulnerability
This Metasploit module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the closewindow.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system from libc with an...
Zabbix 2.0.8 SQL Injection and Remote Code Execution
This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading...
VMware Hyperic HQ Groovy Script-Console Java Execution Vulnerability
This Metasploit module uses the VMware Hyperic HQ Groovy script console to execute OS commands using Java. Valid credentials for an application administrator user account are required. This Metasploit module has been tested successfully with Hyperic HQ 4.6.6 on Windows 2003 SP2 and Ubuntu 10.04...
D-Link Devices Unauthenticated Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'D-Link Devices Unauthenticated Remote...
HP Data Protector CMD Install Service Vulnerability (msf)
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ Exploit Title: HP...
HP Data Protector - CMD Install Service (Metasploit)
HP Data Protector - CMD Install Service Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ Exploit Title: HP Data...
Fedora Update for nodejs-cmd-shim FEDORA-2013-11780
Check for the Version of nodejs-cmd-shim OpenVAS Vulnerability Test Fedora Update for nodejs-cmd-shim FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...
Fedora Update for nodejs-cmd-shim FEDORA-2013-11780
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 18 Update: nodejs-cmd-shim-1.1.0-3.fc18
The cmd-shim used in npm to create executable scripts on Windows, since sym links are not suitable for this purpose there. On Unix systems, you should use a symbolic link instead, but this module supports creating shell script shims also...
imacs CMS 0.3.0 Shell Upload
?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : imacs CMS Unrestricted File Upload Exploit Date...
K-Shell by kikicoco VHS version 1.2 edition (.aspx)
Данная утилита предназначенна для системных администраторов для удаленного управления своим сервером. Любое незаконное использование скрипта преследуется по закону. last update: 06.05.2013 21:20 Что может: Wso-style Server IP Client IP HostName Username OS Version IIS Version System Dir...
DLink DIR-645 / DIR-815 Command Execution Vulnerability
Exploit for hardware platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core...
Adobe ColdFusion APSB13-03 Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'digest/sha1' require 'openssl' class Metasploit...
Jenkins Script-Console Java Execution Vulnerability
Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
CVE-2012-4959
CVE-2012-4959 affects Novell File Reporter NFRAgent.exe (1.0.2) via directory traversal in FSF/CMD handling of FSFUI records (UICMD 130), enabling remote upload and execution of arbitrary files. Connected data corroborates exploitation in Metasploit modules for NFR Agent 1.0.3/1.0.4.x and public ...
青果教务网络管理系统逻辑处理不严谨导致SQL注入,可至全国数百所高校教务系统沦陷
简要描述: 在这个系统官网上发现该教务系统全国有535所高校在用,测试了几个都成功了,直接是SA权限的MSSQL,有个别貌似版本不一样不行,但是应该大多数都可以通杀。 详细说明: 这里可以看见该系统使用学校(http://www.kingosoft.com/cgal/index1.aspx),教务系统有535所学校在用,貌似这个系统有2个版本,有一个较新的不行,但是大多数都是老版本,可以成功利用该漏洞对服务器攻击,差不多可以影响上百所高校教务系统吧。 接下来分析一下漏洞形成:...
Unfixed XSS vulnerability at www.vente-fondsdecommerce.com
Security researcher Atmon3r, has submitted on 08/01/2012 a cross-site-scripting XSS vulnerability affecting www.vente-fondsdecommerce.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/01/2012. It i...
PT-2012-5038
Name of the Vulnerable Software and Affected Versions JBMC Software DirectAdmin version 1.403 Description The issue concerns multiple cross-site scripting XSS vulnerabilities in the CMD DOMAIN component. These vulnerabilities allow remote authenticated users with specific privileges to inject...