21 matches found
EUVD-2011-2737
Malware in sbrugna...
LifeSize Room 5.0.9 - Multiple Vulnerabilities
Exploit for hardware platform in category web applications Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware,...
LifeSize Room 5.0.9 - Multiple Vulnerabilities
LifeSize Room 5.0.9 - Multiple Vulnerabilities Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware, many similar...
LifeSize Room Security Bypass and Command Injection Vulnerabilities (CVE-2011-2763)
Multiple vulnerabilities exist in the LifeSize Room appliance. The vulnerabilities are due Unauthenticated OS command injection through the web interface.A remote attacker can exploit those vulnerabilities by sending crafted requests to the affected service...
LifeSize Room Command Injection
No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable...
LifeSize Room Command Injection
This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commands. LifeSize Room is an appliance and thus the environment is limited resulting in a small set of payload options. This module requires Metasploit: https://metasploit.com/download Current...
LifeSize Room Command Injection
LifeSize Room Command Injection. CVE-2011-2763. Remote exploit for hardware platform $Id: lifesizeroom.rb 14143 2011-11-02 19:40:05Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web sit...
LifeSize Room Command Injection
Exploit for hardware platform in category remote exploits $Id: lifesizeroom.rb 14143 2011-11-02 19:40:05Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...
CVE-2011-2762
The web interface on the LifeSize Room appliance LSRM13.5.3 11 allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoomRemoting.authenticate function in gateway.php...
Design/Logic Flaw
The web interface on the LifeSize Room appliance LSRM13.5.3 11 and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoomRemoting.doCommand function in gateway.php...
Authentication flaw
The web interface on the LifeSize Room appliance LSRM13.5.3 11 allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoomRemoting.authenticate function in gateway.php...
CVE-2011-2763
The web interface on the LifeSize Room appliance LSRM13.5.3 11 and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoomRemoting.doCommand function in gateway.php...
CVE-2011-2762
The LifeSize Room appliance LS_RM1_3.5.3 (11) web interface is affected by an authentication bypass vulnerability in gateway.php via LSRoom_Remoting.authenticate that lets an unauthenticated attacker gain admin access by tampering AMF data. A separate issue allows unauthenticated command executio...
CVE-2011-2762
The web interface on the LifeSize Room appliance LSRM13.5.3 11 allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoomRemoting.authenticate function in gateway.php...
CVE-2011-2763
The web interface on the LifeSize Room appliance LSRM13.5.3 11 and 4.7.18 allows remote attackers to execute arbitrary commands via a modified request to the LSRoomRemoting.doCommand function in gateway.php. Recent assessments: zeroSteiner at January 13, 2020 5:56pm UTC reported: The request to...
LifeSize Room Vulnerabilities
Discovered: 07-13-11 By: Spencer McIntyre zeroSteiner SecureState R&D Team www.securestate.com Background: ----------- Multiple vulnerabilities within the LifeSize Room appliance. Vulnerability Summaries: ------------------------ Login page can be bypassed, granting administrative access to the w...
LifeSize Room appliance authentication bypass and arbitrary code injection vulnerability
Overview LifeSize Room appliance contains an authentication bypass and arbitrary code injection vulnerability when failing to sanitize input from unauthenticated clients. Description According to LifeSize's website "LifeSize Room combines an immersive, high definition video experience with a rich...
LifeSize Room Command Injection
Exploit for php platform in category web applications require 'msf/core' class Metasploit3 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commmands. LifeSize Room is an appliance and thus the...
LifeSize Room - Command Injection (Metasploit)
LifeSize Room - Command Injection Metasploit require 'msf/core' class Metasploit3 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commmands. LifeSize Room is an appliance and thus the...
LifeSize Room 3.5.3 / 4.7.18 Command Injection
require 'msf/core' class Metasploit3 'LifeSize Room Command Injection', 'Description' = %q This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commmands. LifeSize Room is an appliance and thus the environment is limited resulting in a small set of...