Seagate Business NAS - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class MetasploitModule 'Seagate Business NAS Unauthenticated Remote Command Execution', 'Description' = %q Some Seagate Busine...

Seagate Business NAS Unauthenticated Remote Command Execution

Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open ...

Seagate Business NAS <= 2014.00319 - Pre-Authentication Remote Code Execution (0day)

Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open ...

noVNC 'include/webutil.js' session hijacking vulnerability

NOVNC is a VNC client , using HTML 5 WebSockets, Canvas and JavaScript technology . A session hijacking vulnerability exists in noVNC 'include/webutil.js', which allows attackers to exploit the vulnerability to gain unauthorized access to the application...

New CMS 2.1 Local File Inclusion

=============================================== + TITLE : NEW CMS Local File Inclusion Vulnerability /proc/self/environ + VENDOR : http://new-cms.org/index.php?lng=it&mod=download&pg=indice + VERSION : 2.1 or Later + AUTHOR : R3vanBastard + TESTED ON : Windows + DORK : "New CMS"...

Program-O v2.4.6 - Multiple Web Vulnerabilities

Document Title: =============== Program-O v2.4.6 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1414 Release Date: ============= 2015-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 1414 Commo...

Program-O v2.4.6 - Multiple Web Vulnerabilities

Document Title: =============== Program-O v2.4.6 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1414 Release Date: ============= 2015-01-21 Vulnerability Laboratory ID VL-ID: ==================================== 1414 Commo...

File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities

Document Title: =============== File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1403 Release Date: ============= 2015-01-15 Vulnerability Laboratory ID VL-ID: ==================================== 1403...

Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities

Document Title: =============== Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ====================================...

Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities

Document Title: =============== Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1407 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ====================================...

Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities

Document Title: =============== Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1407 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ====================================...

File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities

Document Title: =============== File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1403 Release Date: ============= 2015-01-15 Vulnerability Laboratory ID VL-ID: ==================================== 1403...

Foxit MobilePDF 4.4.0 Local File Inclusion / Arbitrary File Upload

Document Title: =============== Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ====================================...

DzzOffice 1.2.2 /index.php 本地文件包含漏洞

Index.php$dzz = C::app; $mod = getgpc'mod'; $mod = !empty$mod ? $mod : ''; $op = !empty$GET'op' ? $GET'op' : 'index'; $cachelist = array; $dzz-cachelist = $cachelist; $dzz-init; //调用各自的模块 ifempty$mod if$G'uid'1 && $G'setting''loginset''available' @header"Location: user.php?mod=logging"; exit;...

Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities

Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities Document Title: =============== Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: ============= 2015-01-12 Vulnerability...

Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities

Document Title: =============== Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ====================================...

Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities

Document Title: =============== Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ====================================...

Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities

Document Title: =============== Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1400 Release Date: ============= 2015-01-12 Vulnerability Laboratory ID VL-ID: ====================================...

PHP云人才系统(20141229)2处SQL注入

简要描述： PHP云人才系统20141229二处隐蔽的SQL注入 详细说明： PHP云人才系统二处SQL注入。 0x01: 问答首页 ======================== URL为： http://www.hr135.com/ask/index.php?order=addtime 其中参数order可以注入。 看看代码/include/libs/SmartyCompiler.class.php：5330 5330 function complieqliststart$tagargs 5331 5332 $paramer = $this-parseattrs$tagargs;...

PHP-Calendar 0.10.1 - Arbitrary File Inclusion

PHP-Calendar 0.10.1 - Arbitrary File Inclusion PHP-Calendar Arbitrary File Inclusion Vendor: Sean Proctor Product: PHP-Calendar Version: = 0.10.1 Website: http://php-calendar.sourceforge.net/ BID: 12127 CVE: CVE-2004-1423 OSVDB: 12700 12701 SECUNIA: 22516 PACKETSTORM: 35563 Description: I was...