LifeSize Room Security Bypass and Command Injection Vulnerabilities (CVE-2011-2763)

Multiple vulnerabilities exist in the LifeSize Room appliance. The vulnerabilities are due Unauthenticated OS command injection through the web interface.A remote attacker can exploit those vulnerabilities by sending crafted requests to the affected service...

LifeSize Room Command Injection

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable...

CVE-2011-2763

The web interface on the LifeSize Room appliance LSRM13.5.3 11 and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoomRemoting.doCommand function in gateway.php...

CVE-2011-2763

The CVE concerns LifeSize Room appliances LS_RM1_3.5.3 (11) and 4.7.18 where the web interface exposes LSRoom_Remoting.doCommand in gateway.php. A remote attacker can craft a request to that endpoint to execute arbitrary OS commands, enabling remote code execution on affected devices. Public reco...

LifeSize Room Vulnerabilities

Discovered: 07-13-11 By: Spencer McIntyre zeroSteiner SecureState R&D Team www.securestate.com Background: ----------- Multiple vulnerabilities within the LifeSize Room appliance. Vulnerability Summaries: ------------------------ Login page can be bypassed, granting administrative access to the w...

CVE-2011-2763

creationtimestamp| type| source ---|---|--- 2011-08-28 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/17743 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/lifesizeroom.rb 2025-02-06 03:13:40+00:00| seen|...

LifeSize Room Command Injection

Exploit for php platform in category web applications require 'msf/core' class Metasploit3 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commmands. LifeSize Room is an appliance and thus the...

LifeSize Room - Command Injection (Metasploit)

require 'msf/core' class Metasploit3 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commmands. LifeSize Room is an appliance and thus the environment is limited resulting in a small set of...