MS14-019 – Fixing a binary hijacking via .cmd or .bat file

Command .cmd and batch .bat files can be directly provided as input to the CreateProcess as if it is an executable. CreateProcess uses the cmd.exe automatically to run the input .cmd or .bat. Today, with the bulletin MS14-019 we are fixing a vulnerability, where in particular scenario it is...

Symantec Endpoint Protection Manager Remote Command Execution

This Metasploit module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. When supplying a specially crafted XXE request an attacker can reach SQL injection affected components. As xpcmdshell is enabled in the included database instance, it'...

MediaWiki Thumb.php Remote Command Execution Exploit

Exploit for multiple platform in category remote exploits require 'msf/core' class Metasploit3 'MediaWiki Thumb.php Remote Command Execution', 'Description' = %q MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5 and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows...

HP SiteScope issueSiebelCmd Remote Code Execution

This module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This module has been tested successfully on HP SiteScope...

Supermicro Onboard IPMI close_window.cgi Buffer Overflow Vulnerability

This Metasploit module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the closewindow.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system from libc with an...

Zabbix 2.0.8 SQL Injection and Remote Code Execution

This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading...

VMware Hyperic HQ Groovy Script-Console Java Execution Vulnerability

This Metasploit module uses the VMware Hyperic HQ Groovy script console to execute OS commands using Java. Valid credentials for an application administrator user account are required. This Metasploit module has been tested successfully with Hyperic HQ 4.6.6 on Windows 2003 SP2 and Ubuntu 10.04...

D-Link Devices Unauthenticated Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'D-Link Devices Unauthenticated Remote...

HP Data Protector CMD Install Service Vulnerability (msf)

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ Exploit Title: HP...

HP Data Protector - CMD Install Service (Metasploit)

HP Data Protector - CMD Install Service Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ Exploit Title: HP Data...

Fedora Update for nodejs-cmd-shim FEDORA-2013-11780

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for nodejs-cmd-shim FEDORA-2013-11780

Check for the Version of nodejs-cmd-shim OpenVAS Vulnerability Test Fedora Update for nodejs-cmd-shim FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

[SECURITY] Fedora 18 Update: nodejs-cmd-shim-1.1.0-3.fc18

The cmd-shim used in npm to create executable scripts on Windows, since sym links are not suitable for this purpose there. On Unix systems, you should use a symbolic link instead, but this module supports creating shell script shims also...

imacs CMS 0.3.0 Shell Upload

?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : imacs CMS Unrestricted File Upload Exploit Date...

K-Shell by kikicoco VHS version 1.2 edition (.aspx)

Данная утилита предназначенна для системных администраторов для удаленного управления своим сервером. Любое незаконное использование скрипта преследуется по закону. last update: 06.05.2013 21:20 Что может: Wso-style Server IP Client IP HostName Username OS Version IIS Version System Dir...

DLink DIR-645 / DIR-815 Command Execution Vulnerability

Exploit for hardware platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core...

Adobe ColdFusion APSB13-03 Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'digest/sha1' require 'openssl' class Metasploit...

Jenkins Script-Console Java Execution Vulnerability

Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

CVE-2012-4959

CVE-2012-4959 affects Novell File Reporter NFRAgent.exe (1.0.2) via directory traversal in FSF/CMD handling of FSFUI records (UICMD 130), enabling remote upload and execution of arbitrary files. Connected data corroborates exploitation in Metasploit modules for NFR Agent 1.0.3/1.0.4.x and public ...

青果教务网络管理系统逻辑处理不严谨导致SQL注入，可至全国数百所高校教务系统沦陷

简要描述： 在这个系统官网上发现该教务系统全国有535所高校在用，测试了几个都成功了，直接是SA权限的MSSQL，有个别貌似版本不一样不行，但是应该大多数都可以通杀。 详细说明： 这里可以看见该系统使用学校（http://www.kingosoft.com/cgal/index1.aspx），教务系统有535所学校在用，貌似这个系统有2个版本，有一个较新的不行，但是大多数都是老版本，可以成功利用该漏洞对服务器攻击，差不多可以影响上百所高校教务系统吧。 接下来分析一下漏洞形成：...