CVE-2015-0853

svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$xeyes...

Unix Command Shell, Reverse TCP (via R)

Connect back and create a command shell via R This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 157 include Msf::Payload::Single include Msf::Payload::R include...

Unix Command Shell, Bind TCP (via R)

Continually listen for a connection and spawn a command shell via R This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 132 include Msf::Payload::Single include Msf::Payload::R include...

R Command Shell, Reverse TCP

Connect back and create a command shell via R This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 150 include Msf::Payload::Single include Msf::Payload::R include...

FTPGetter 5.89.0.85 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: FTPGetter 5.89.0.85 Remote SEH Buffer Overflow Date: 07/14/2017 Exploit Author: Paul Purcell Vendor Homepage: https://www.ftpgetter.com/ Vulnerable Version Download: Available for 30 days here:...

BSA-2017-254

Security Advisory ID : BSA-2017-254 Component : Open SSH Revision : 2.0: Final Themmnewkeysfromblobfunction inmonitorwrap.cinsshdinOpenSSH6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to...

Unix Command Shell, Reverse TCP (via ncat)

Creates an interactive shell via ncat, utilizing ssl mode This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 42 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions...

CVE-2017-3881: Cisco Catalyst switches remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

Your Catalyst switches whether to enable the telnet in? If Yes, it would have to be careful. This article will be to introduce the reader for the equipped with the latest firmware the Catalyst 2960 switch the remote code execution vulnerability proof-of-concept attack technique. Specific exploit...

CVE-2016-3129

A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server GEMS implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf...

CVE-2016-3129

The CVE-2016-3129 entry describes a remote code execution vulnerability in BlackBerry Good Enterprise Mobility Server (GEMS) via the Apache Karaf command shell. Affected versions are 2.1.5.3 through 2.2.22.25. An attacker can execute commands to gain local administrator rights on the GEMS server....

Shell to Meterpreter Upgrade

This module attempts to upgrade a command shell to meterpreter. The shell platform is automatically detected and the best version of meterpreter for the target is selected. Currently meterpreter/reversetcp is used on Windows and Linux, with 'python/meterpreter/reversetcp' used on all others. This...

DEBIAN-CVE-2016-5017

Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string...

Linux ARM Big Endian Command Shell, Bind TCP Inline

Listen for a connection and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 118 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def...

CVE-2016-2297

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."...

CVE-2016-2297

Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."...

Meteocontrol WEB'log Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-133-01 Meteocontrol WEB'log Vulnerabilities that was published May 12, 2016, on the NCCIC/ICS‑CERT web site. Independent researcher Karn Ganeshen has identified one authentication and two information exposure...

JexBoss - Jboss Verify And Exploitation Tool

JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server. Requirements Python = 2.7.x Installation To install the latest version of JexBoss, please use the following commands: git clone https://github.com/joaomatosf/jexboss.git cd jexboss python jexboss.py Features...

Between a Rock and a Hard Link

Posted by James Forshaw, File System Enthusiast In a previous blog post I described some of the changes that Microsoft has made to the handling of symbolic links from a sandboxed process. This has an impact on the exploitation of privileged file overwrites for sandbox escapes. Windows does suppor...

Z/OS (MVS) Command Shell, Reverse TCP Inline

Listen for a connection and spawn a command shell. This implementation does not include ebcdic character translation, so a client with translation capabilities is required. MSF handles this automatically. This module requires Metasploit: https://metasploit.com/download Current source:...

Important: Red Hat Security Advisory: openstack-ironic-discoverd security update

Updated openstack-ironic-discoverd packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...