10 matches found
EUVD-2016-7297
Malware in sbrugna...
Server-Side Request Forgery (SSRF) in transloadit/uppy
Description: Uppy is vulnerable to SSRF through IPv4-mapped IPv6 addresses - https://www.ibm.com/docs/en/zos/2.1.0?topic=addresses-ipv4-mapped-ipv6 The report at https://hackerone.com/reports/786956 does not fix it because it uses an easily bypassable deny list in...
Nuubi Tools - Information Ghatering, Scanner And Recon
Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/--help | Show help message and exit Arguments: -b/--banner | Banner grabing of target ip address -s/--subnet | Subnetlookup of target -c/--cms | Cms detect with headers -d/--dns | Dnslookup of target domain -e/--extract | Extract links...
Netgear DGN2200 dnslookup.cgi Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' require "base64" class MetasploitModule "Netgear DGN2200 dnslookup.cgi Command Injection", 'Description' = %q This module exploits a command injection...
CVE-2017-6334
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the hostname field of an HTTP POST request, a different vulnerability than CVE-2017-6077...
Cisco Cloud Services Platform 2.x < 2.1.0 Multiple Vulnerabilities
According to its self-reported version number, the remote Cisco Cloud Services Platform CSP device is 2.x prior to 2.1.0. It is, therefore, affected by the following vulnerabilities: - A command injection vulnerability exists in the web-based GUI due to improper sanitization of user-supplied...
Cisco Cloud Services Platform Command Injection Vulnerability (CNVD-2016-08195)
Cisco Cloud Services Platform (CSP) is a set of hardware and software platforms from the U.S. company Cisco for data center network function virtualization. A remote command injection vulnerability exists in Cisco CSP 2100 version 2.0. A remote attacker can exploit this vulnerability by sending a...
CVE-2016-6374
Cisco Cloud Services Platform CSP 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093...
Command injection
Cisco Cloud Services Platform CSP 2100 2.0 allows remote attackers to execute arbitrary code via a crafted dnslookup command in an HTTP request, aka Bug ID CSCuz89093...