Lucene search

2154 matches found

seebug.org
added 2014/04/04 12:0 a.m., 16 views

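Primo Interactive CMS 'pcm.cgi' Remote Command Execution Vulnerability

Bugtraq ID: 66549 Primo Interactive CMS is a content management system. Primo Interactive CMS 'pcm.cgi' does not properly filter user-submitted data, allowing an attacker to exploit the vulnerability by submitting a specially crafted request to execute arbitrary shell commands in the web context. Primo Interactive CMS 6.2 No detailed solution is currently available: http://www.primo-corp.com.my http://www.example.com/cgi-bin/pcm.cgi?download=;id|...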

7.1 AI score
Exploits: 0

exploitpack
added 2014/03/31 12:0 a.m., 10 views

Primo Interactive CMS - pcm.cgi Remote Command Execution

Primo Interactive CMS - pcm.cgi Remote Command Execution source: https://www.securityfocus.com/bid/66549/info Primo Interactive CMS is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this...

0.4 AI score
Exploits: 0

Exploit DB
added 2014/03/31 12:0 a.m., 18 views

Primo Interactive CMS - 'pcm.cgi' Remote Command Execution

source: https://www.securityfocus.com/bid/66549/info Primo Interactive CMS is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary commands in the context of the...

7.4 AI score
Exploits: 0

Kitploit
added 2014/03/22 11:57 p.m., 16 views

[Peepdf] PDF Analysis and Creation/Modification Tool

peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible ...

7.5 AI score
Exploits: 0, References: 1

Kitploit
added 2014/03/17 10:22 p.m., 13 views

[Skipfish] Web Application Security Scanner

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active but hopefully non-disruptive...

9.8 AI score
Exploits: 0

0day.today
added 2014/02/07 12:0 a.m., 63 views

Vision Interactive - SQL Injection / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Vision Interactive - SQL Injection and Cross-Site Scripting Google Dork: "Powered by Vision Interactive" Date: 04/02/2014 Contact: FB /7h38357 Exploit Author: X-Line Empire North Vendor Homepage: www.visioninteractive.ma Software...

7.1 AI score
Exploits: 0

The Hacker News
added 2014/02/03 11:15 p.m., 8 views

'The Hacker News' Magazine - Relaunching New Editions

Dear Readers, After publishing 15 informative editions of 'The Hacker News' magazine in past 2 years; we at THN are again planning to relaunch the new Chapters of 'The Hacker News Magazine'. The Hacker News THN Monthly Magazine is the most comprehensive and informative collection of IT Security,...

6.6 AI score
Exploits: 0

NVD
added 2014/01/28 12:55 a.m., 23 views

CVE-2013-6838

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro VIP2000 9.0.3 rel903, when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges b...

10 CVSS, 6.9 AI score, 0.01305 EPSS
Exploits: 1, References: 2

Prion
added 2014/01/28 12:55 a.m., 12 views

Design/Logic Flaw

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro VIP2000 9.0.3 rel903, when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges b...

10 CVSS, 7.5 AI score, 0.01305 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2014/01/28 12:0 a.m., 20 views

CVE-2013-6838

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro VIP2000 9.0.3 rel903, when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges b...

6.9 AI score, 0.01305 EPSS
Exploits: 1, References: 2

CVE
added 2014/01/28 12:0 a.m., 38 views

CVE-2013-6838

CVE-2013-6838 affects Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903) when using OpenVZ with fallback customization. The vulnerability stems from using the same SSH private key across different customer installations, enabling remote attackers to gain privileges; advisories (XPD-2013-001) d...

10 CVSS, 7.2 AI score, 0.01305 EPSS
Exploits: 1, References: 2, Affected Software: 1

Kitploit
added 2014/01/26 11:22 p.m., 28 views

[XSS Shell] XSS Backdoor and Zombie Manager

XSS Shell is a powerful XSS backdoor and zombie manager. This concept was first presented by “XSS-Proxy – http://xss-proxy.sourceforge.net/”. Normally in XSS attacks the attacker has one shot; in XSS Shell you can interactively send requests and get responses from the victim. You can backdoor the page...

6.5 AI score
Exploits: 0

Packet Storm
added 2014/01/17 12:0 a.m., 63 views

Enghouse Interactive IVR Pro (VIP2000) Remote Root

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 XPD - XPD Advisory https://xpd.se Enghouse Interactive IVR Pro VIP2000 remote root authentication bypass Vulnerability Advisory ID: XPD-2013-001 CVE reference: CVE-2013-6838 Affected platforms: IVR Pro/Contact Center VIP2000 platforms with OpenVZ an...

10 CVSS, 0.01305 EPSS
Exploits: 1

securityvulns
added 2014/01/09 12:0 a.m., 69 views

LiveZilla 5.1.1.0 Stored XSS in operator clients

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7003 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.1.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

4.3 CVSS, 1.1 AI score, 0.00256 EPSS
Exploits: 2

Metasploit
added 2014/01/02 4:48 p.m., 39 views

Command Shell, Reverse TCP (via Firefox XPCOM script)

Creates an interactive shell via Javascript with access to Firefox's XPCOM API This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...

7.1 AI score
Exploits: 0

Metasploit
added 2014/01/02 4:48 p.m., 37 views

Command Shell, Bind TCP (via Firefox XPCOM script)

Creates an interactive shell via Javascript with access to Firefox's XPCOM API This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...

0.1 AI score
Exploits: 0

Kitploit
added 2013/12/20 5:37 p.m., 27 views

[SSLSmart] Smart SSL Cipher Enumeration

SSLSmart is a highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL cipher suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed b...

7.2 AI score
Exploits: 0

Kitploit
added 2013/11/20 12:59 p.m., 14 views

[iptables-bash_completion] Programmable completion code (bash) for ip[6]tables

This is the programmable completion specification compspec for the iptables program netfilter.org. Features Interactive completion for ip6tables. This completion specification follows the logic of iptables and will only show commands and options, when they are available for the current context...

7.4 AI score
Exploits: 0

Metasploit
added 2013/10/07 11:9 a.m., 27 views

Command Shell, Bind TCP (via nodejs)

Creates an interactive shell via nodejs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework It would be better to have a commonjs payload, but because the implementations differ so greatly when it comes to require paths f...

7.1 AI score
Exploits: 0

Metasploit
added 2013/09/16 6:38 p.m., 38 views

Command Shell, Reverse TCP SSL (via nodejs)

Creates an interactive shell via nodejs, uses SSL This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 831 include Msf::Payload::Single include Msf::Payload::NodeJS include...

0.4 AI score
Exploits: 0