CVE-2018-9156

AXIS P1354 IP camera (Firmware 5.90.1.1) is affected by CVE-2018-9156 due to an upload page that does not verify file types, enabling a webshell upload via fileUpload.shtml for a custom .shtml file. The shell can be interpreted by Apache mod_include (

ESXi Detection via VMWare Tools CMD execution

Binary data vmwareesxidetection.nbin...

UBUNTU-CVE-2018-8763

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=renameform URI...

CVE-2018-8763

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=renameform URI...

DEBIAN-CVE-2018-8763

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=renameform URI...

MikroTik RouterOS < 6.38.4 (x86) - Chimay Red Stack Clash Remote Code Execution Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python2 Mikrotik Chimay Red Stack Clash Exploit by wsxarcher based on BigNerd95 POC tested on RouterOS 6.38.4 x86 ASLR enabled on libs only DEP enabled import socket, time, sys, struct from pwn import import ropgadget...

CVE-2018-7736

In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZCBLOGSUBNAME parameter or ZCUPLOADFILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability...

PT-2018-18247 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.1.1740 Description: There is a reported issue in Z-BlogPHP where the cmd.php file is susceptible to XSS attacks via the ZC BLOG SUBNAME parameter or the ZC UPLOAD FILETYPE parameter. However, the software maintainer...

ILIAS Cross-Site Scripting Vulnerability (CNVD-2018-03162)

ILIAS is a Web-based learning management system developed by the ILIAS team. The system contains modules for course management, file sharing, and live chat. A cross-site scripting vulnerability exists in ILIAS. A remote attacker can exploit this vulnerability by sending a 'cmd' parameter to the...

ILIAS < 5.2.4 XSS Vulnerability

ILIAS eLearning is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Linux/x86-64 - Add User (pwned/$pass$) Using echo cmd Shellcode (273 bytes)

; shellcode name adduserpassword ; Author : Christophe G SLAE64-1337 ; Len : 273 bytes ; Language : Nasm ; "name = pwned ; pass = $pass$" ; add user and password with echo cmd ; tested kali linux , kernel 3.12 global start start: jmp short findaddress realstart: pop rdi xor byte rdi + 7 , 0x41 ;...

Failed to import Veeam Cloud Connect certificate after Veeam Availability Console server migration

Challenge After migrating your Veeam Availability Console VAC installation to a new server and adding an existing Veeam Cloud Connect VCC server, the following certificate error may be observed: Failed to import certificate from the Veeam Cloud Connect server. See debug logs for more information...

DiskBoss Enterprise 8.4.16 - Local Buffer Overflow

DiskBoss Enterprise 8.4.16 - Local Buffer Overflow !/usr/bin/python ======================================================================================================================== Exploit Author: C4t0ps1s Exploit Title: DiskBoss Enterprise v8.4.16 Local Buffer OverflowCode execution Date...

The vulnerability of the cmd parameter in D-Link router microprogramming devices such as D-Link DNS-320L, D-Link DNS-327L, D-Link DNR-326, D-Link DNS-320B, D-Link DNS-345, D-Link DNS-325, and D-Link DNS-322L allows attackers to bypass the authentication process.

The vulnerability of the cmd parameter in D-Link DNS-320L, D-Link DNS-327L, D-Link DNR-326, D-Link DNS-320B, D-Link DNS-345, D-Link DNS-325, and D-Link DNS-322L routers is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass...

Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Local Buffer Overflow (SEH)

!/usr/bin/python Exploit Title: Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - 'Enter User Name' Field Buffer Overflow SEH Date: 24-08-2017 Exploit Author: Anurag Srivastava Website: www.pyramidcyber.com Vulnerable Software: Easy Video to iPod/MP4/PSP/3GP Converter Vendor Homepage:...

RubyMine 2016.1 - CMD Manual Buffer Overflow Exploitation

Document Title: =============== RubyMine 2016.1 - CMD Manual Buffer Overflow Exploitation References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2089 Video: https://www.youtube.com/watch?v=4Sk0rq1Z8Qk Release Date: ============= 2017-08-18 Vulnerability Laboratory ID VL-ID:...

RubyMine 2016.1 - CMD Manual Buffer Overflow Exploitation

Document Title: =============== RubyMine 2016.1 - CMD Manual Buffer Overflow Exploitation References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2089 Video: https://www.youtube.com/watch?v=4Sk0rq1Z8Qk Release Date: ============= 2017-08-17 Vulnerability Laboratory ID VL-ID:...

CVE-2017-11589

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd,...

Metasploit RPC Console Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/rpc/v10/client' class MetasploitModule 'Metasploit RPC Console Command Execution', 'Description' = %q This module connects to a specified Metasploit RPC...

Metasploit RPC Console Command Execution Exploit

This Metasploit module connects to a specified Metasploit RPC server and uses the 'console.write' procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This Metasploit module has been tested successfully on Metasploit 4.15 on Kali 1.0.6;...