PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution

This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the ldapsyncnow.php component, due to the insecure usage of the shellexec php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70. This...

PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'PineApp Mail-SeCure ldapsyncnow.php...

HP Managed Printing Administration - jobAcct Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'HP Managed Printing Administration...

D-Link Devices UPnP SOAP Command Execution

Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested on DIR-865 and DIR-645 devices. This module requires Metasploit:...

Oracle Linux 5 / 6 : jakarta-commons-httpclient (ELSA-2013-0270)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0270 advisory. 1:3.1-0.7 - Add missing connection hostname check against X.509 certificate name - Resolves: CVE-2012-5783 Tenable has extracted the preceding description...

MGASA-2013-0199 Updated jakarta-commons-httpclient package fixes security vulnerability

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...

Updated jakarta-commons-httpclient package fixes security vulnerability

The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name CN or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for...

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update

Red Hat JBoss BRMS 5.3.1 roll up patch 2, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...

RFCode Reader Web Interface Login / Bruteforce Utility

This module simply attempts to login to a RFCode Reader web interface. Please note that by default there is no authentication. In such a case, password brute force will not be performed. If there is authentication configured, the module will attempt to find valid login credentials and capture...

SAP CTC Service Verb Tampering User Management

This module exploits an authentication bypass vulnerability in SAP NetWeaver CTC service. The service is vulnerable to verb tampering allowing for unauthorised OS user management. Information about resolution should be available at SAP notes 1589525 and 1624450 authentication required. This modul...

SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution

This module abuses the SAP NetWeaver SXPGCALLSYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. This module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64-bit and Linux 64-bit...

D-Link DSL 320B Password Extractor

This module exploits an authentication bypass vulnerability in D-Link DSL 320B 'D-Link DSL 320B Password Extractor', 'Description' = %q This module exploits an authentication bypass vulnerability in D-Link DSL 320B 'EDB', '25252' , 'OSVDB', '93013' , 'URL', 'http://www.s3cur1ty.de/m1adv2013-018' ...

phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'phpMyAdmin Authenticated Remote Code...

SAP ConfigServlet - Remote Payload Execution (Metasploit)

SAP ConfigServlet - Remote Payload Execution Metasploit require 'msf/core' class Metasploit3 'SAP ConfigServlet Remote Code Execution', 'Description' = %q This module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. , 'Author' =...

Moderate: Red Hat Security Advisory: JBoss Web Framework Kit 2.2.0 update

JBoss Web Framework Kit 2.2.0, which fixes two security issues, various bugs, and adds enhancements is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

SAP ConfigServlet OS Command Execution

Exploit for multiple platform in category remote exploits require 'msf/core' class Metasploit3 'SAP ConfigServlet OS command execution', 'Description' = %q This module allows execution of operating system commands through the SAP ConfigServlet without any authentication. , 'Author' = 'Dmitry...

SAP ConfigServlet - OS Command Execution (Metasploit)

SAP ConfigServlet - OS Command Execution Metasploit require 'msf/core' class Metasploit3 'SAP ConfigServlet OS Command Execution', 'Description' = %q This module allows execution of operating system commands through the SAP ConfigServlet without any authentication. , 'Author' = 'Dmitry Chastuhin'...

STUNSHELL Web Shell Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'STUNSHELL Web Shell Remote Code...

STUNSHELL Web Shell Remote PHP Code Execution

This module exploits unauthenticated versions of the "STUNSHELL" web shell. This module works when safe mode is enabled on the web server. This shell is widely used in automated RFI payloads. This module requires Metasploit: https://metasploit.com/download Current source:...

Moderate: Red Hat Security Advisory: jakarta-commons-httpclient security update

An updated jakarta-commons-httpclient package for JBoss Enterprise Web Platform 5.2.0 which fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scori...