5020 matches found
Trend Micro InterScan Messaging Security (Virtual Appliance) - Remote Code Execution Exploit
Exploit for PHP platform in category web applications. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro InterScan Messaging Security Virtual Appliance Remote Code Execution",...
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. Trend Mic...
Trend Micro OfficeScan Remote Code Execution
This module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend...
IBM Business Process Manager Information Disclosure Vulnerability (CNVD-2017-33884)
IBM Business Process Manager (BPM) is a comprehensive business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A security vulnerability exists in IBM BPM that stem...
CVE-2017-1346
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461...
Code injection
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461...
Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86_64 - mkdir 'evil' Shellcode 30 bytes. Shellcode exploit for Linux x86-64 platform / ;Title: Linux/x86_64 - mkdir shellcode 30 bytes ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x86_64 ;Description: Create Folder with 755...
Trend Micro Security’s Layered Protection, XGen™ Machine Learning, and Folder Shield Protect You Against Unknown Ransomware and Malware
On May 12 of 2017, the WannaCry ransomware struck across the globe, encrypting computers by exploiting a critical vulnerability in Windows, first discovered by the US National Security Agency. Among its first targets were the British National Health Service, Federal Express, and Telefonica, but...
Self Cross-site Scripting (XSS)
concrete5 is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape the folder name. A malicious user can then trick another user into injecting and executing arbitrary code in their web browser...
Excluding already redirected folders with UPM
The customer's environment has Windows Settings\Folder Redirection set up for Documents or other folders. If UPM is also in use, the redirected folder might get a duplicate copy after UPM processes the logon. This is by design and expected...
Brave Software: OS username disclosure
Summary: Using the webkitdirectory alongside minor user interaction, we are able to grab the OS username of a victim. This is because the webkitdirectory object is not properly sanitized after a folder has been picked. In my case, the downloads folder was the default folder to select and so I ended u...
LNK Code Execution Vulnerability
This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The...
Jojo Xinha Path Traversal Vulnerability
Jojo is a free, open source PHP-based content management system (CMS) developed by the Jojo team. The system supports a WYSIWYG editor, search engine optimization, etc. Xinha is a visual HTML editor used in it. A directory traversal vulnerability exists in the plugins/ImageManager/backend.php file ...
Dracnmap v2.2 - Exploit Network and Gathering Information with Nmap
Dracnmap is an open source program used to exploit the network and gather information with the help of nmap. The nmap command comes with lots of options that can make the utility more robust and difficult to follow for new users. Hence Dracnmap is designed to perform fast scanning with the...
CVE-2017-11723
Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter...
Directory traversal
Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter...
Cross-site Scripting (XSS)
symphonycms/symphony-2 is vulnerable to cross-site scripting (XSS) attacks. A flaw in the template/usererror.missingextension.php allows attackers to inject script through the existing-folder parameter...
PT-2017-18855 · Owncloud · Owncloud Server
Name of the Vulnerable Software and Affected Versions: ownCloud Server versions prior to 10.0.2 Description: An attacker with normal user privileges can potentially delete shared folders in ownCloud Server. Recommendations: For versions prior to 10.0.2, update to version 10.0.2 or later to resolv...
FineCMS Cross-Site Scripting Vulnerability (CNVD-2017-15545)
FineCMS is a content management system (CMS) developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the /application/lib/ajax/getimage.php file in FineCMS 2017-07-12 and earlier versions. A remote attacker can exploit the vulnerability to inject...