Eaton Network Shutdown Module Code Injection

A code injection vulnerability exists in Eaton. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Network Shutdown Module <= 3.21 (sort_values) Remote PHP Code Injection

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require...

Eaton Network Shutdown Module 3.21 PHP Code Injection

Eaton Network Shutdown module versions 3.21 and below suffer from a remote PHP code injection vulnerability. This is a python exploit for a previously disclosed finding. !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage...

Eaton Network Shutdown Module 3.21 PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \...

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...

Network Shutdown Module 3.21 Remote PHP Code Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/phpexe' class Metasploit3...

Network Shutdown Module sort_values Credential Dumper

This module will extract user credentials from Network Shutdown Module versions 3.21 and earlier by exploiting a vulnerability found in lib/dbtools.inc, which uses unsanitized user input inside a eval call. Please note that in order to extract credentials, the vulnerable service must have at leas...

Eaton Network Shutdown Module Arbitrary PHP Code Execution Vulnerability

Eaton Network Shutdown Module is prone to a remote PHP code-execution vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

Eaton Network Shutdown Module view_list.php paneStatusListSortBy Parameter eval() Call Remote PHP Code Execution

The version of the Eaton Network Shutdown Module hosted on the remote web server does not sanitize user input to the 'paneStatusListSortBy' parameter of the 'viewlist.php' script before using it as part of a command to be executed via PHP's 'eval' function. An unauthenticated, remote attacker can...

Eaton Network Shutdown Module Detection

The remote web server is part of Network Shutdown Module, from Eaton Corporation formerly MGE Office Protection Systems. It is used to monitor UPS-protected computers and shut them down gracefully if AC power fails. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid6008...

Eaton Network Shutdown Module Default Administrator Credentials

The remote Eaton Network Shutdown Module install uses a default set of credentials to control access to its administrative functionality. With this information, an attacker can gain complete access to the application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Code injection

Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via paneactionbutton.php, and then executing this action via execaction.php...

CVE-2008-6816

Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via paneactionbutton.php, and then executing this action via execaction.php...

CVE-2008-6816

CVE-2008-6816 affects Eaton MGEOPS Network Shutdown Module prior to 3.10 Build 13. An attacker can add a custom action in pane_actionbutton.php and then trigger it via exec_action.php, enabling remote arbitrary code execution. The NASL/NVD data also notes authentication bypass in older versions (...

CVE-2008-6816

Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via paneactionbutton.php, and then executing this action via execaction.php...

EATON MGE Office Protection Systems Network Shutdown Module unauthorized access

Authentication bypass and code execution...

n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2008.009 27-October-2008 Vendor: Eaton MGE office protection systems Affected Products: Network Shutdown Module version 3.10 Vulnerability: authentication bypass vulnerability and remote code execution Risk: High Vendor communication:...

Eaton Network Shutdown Module绕过认证漏洞

BUGTRAQ ID: 31933 Network Shutdown Module是EATON公司MGE办公保护系统中用于安全关机的软件。 用户无需认证便可以向Network Shutdown Module的MGE前端（paneactionbutton.php）添加自定义操作，包括执行任意命令。 Eaton Network Shutdown Module 3.10 Eaton ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://download.mgeops.com/explore/eng/network/netsol.htm...

Eaton Network Shutdown Module < 3.20 Authentication Bypass / Command Execution

According to its version number, the Network Shutdown Module install on the remote host is earlier than 3.20. It therefore reportedly fails to require authentication before allowing a remote attacker to add custom actions through the 'paneactionbutton.php' script and then execute them via the...