19 matches found
Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution
Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal. id: CVE-2021-40870 info: name: Aviatrix Controller 6.x before 6.5-1804.192...
rConfig 3.9.2 - Remote Code Execution
rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. id:...
Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated) Exploit
Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable Versions: 3.9 CVE:...
Exploit for Code Injection in Gitlab
CVE-2021-22205 This vulnerability arises from Gitlab’s impro...
Moodle SpellChecker Path Authenticated Remote Command Execution
Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection. This is extremely similar to CVE-2013-3630, just using a different variable. This module was tested against Moodle version...
ManageEngine OpManager SumPDU Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine OpManager SumPDU Java Deserialization', 'Description' = %q An HTTP endpoint used by the Manage Engine OpManager Smart Update Manager...
Exchange Control Panel Viewstate Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'bindata' class MetasploitModule 'Exchange Control Panel Viewstate Deserialization', 'Description' = %q This module exploits a .NET serialization vulnerability i...
CVE-2019-5490
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixe...
ScriptCase 8.1.053 - Multiple Vulnerabilities
Exploit for php platform in category web applications + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SCRIPTCASE-PHP-WEB-TOOL-MULTIPLE-VULNERABILITIES.txt + ISR: ApparitionSec Vendor: ================== www.scriptcase.net Product:...
AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities
AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AJAXEXPLORER-REMOTE-CMD-EXECUTION.txt + ISR: apparitionsec Vendor: ========== sourceforge.net smsid download linx:...
HP Data Protector A.09.00 Command Execution
!/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and earlier Tested on: Windows Server 2008 CVE : CVE-2016-20...
UnrealIRCD 3.2.8.1 Backdoor Command Execution
No description provided by source. $Id: unrealircd3281backdoor.rb 11227 2010-12-05 15:08:22Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...
Opera historysearch XSS
No description provided by source. $Id: operahistorysearch.rb 10998 2010-11-11 22:43:22Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...
MS IIS 3.0/4.0/5.0 PWS Escaped Characters Decoding Command Execution (2)
No description provided by source. source: http://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before...
YeaLink IP Phone SIP-TxxP Firmware 9.70.0.100 - Multiple Vulnerabilities
YeaLink IP Phone SIP-TxxP Firmware 9.70.0.100 - Multiple Vulnerabilities +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : YeaLink IP Phone SIP-TxxP firmware 0x90.nl Software link :...
CentOS Update for php CESA-2008:0546-01 centos2 i386
Check for the Version of php OpenVAS Vulnerability Test CentOS Update for php CESA-2008:0546-01 centos2 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
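GeoIP GeoIPUpdate.C Directory Traversal Vulnerability
GeoIP is an application used to identify the country of visitors to a website. GeoIP does not correctly handle user-submitted requests, and a remote attacker can exploit the vulnerability to view system file contents with the privileges of the process. The problem is caused by missing filtering of data submitted to 'updategetfilename': submitting parameter data containing multiple "../" sequences can bypass the web root restriction and execute arbitrary commands with the privileges of the application process. Maxmind geopip 0 MandrakeSoft Corporate Server 4.0 x8664 MandrakeSoft Corporate Server 4.0 No solution is currently available: http://www.maxmind.com/app/locate...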
Create your own simple Backdoor-vulnerability warning-the black bar safety net
We all know nc is a powerful and flexible hacking tool; it can do many things, such as a telnet client port, such as the invasion of time to bounce back the shell, such as scanning...... But have you ever wondered whether it can be built into a service-level backdoor? Now much better with me as the rookie...
Fedora Core 2 : lha-1.14i-14.1 (2004-295)
Lukasz Wojtow discovered a stack-based buffer overflow in all versions of lha up to and including version 1.14. A carefully created archive could allow an attacker to execute arbitrary code when a victim extracts or tests the archive. The Common Vulnerabilities and Exposures project cve.mitre.org...