TP-Link SC2020n Authenticated Telnet Injection

The TP-Link SC2020n Network Video Camera is vulnerable to OS Command Injection via the web interface. By firing up the telnet daemon, it is possible to gain root on the device. The vulnerability exists at /cgi-bin/admin/servetest, which is accessible with credentials. This module requires...

CVE-2016-1352

Cisco Unified Computing System UCS Central Software 1.31b and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856...

Input validation

Cisco Unified Computing System UCS Central Software 1.31b and earlier allows remote attackers to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuv33856...

CVE-2016-3654

The CVE concerns PAN-OS device management CLI parsing of an SSH command parameter, allowing authenticated administrators to run arbitrary OS commands with root privileges. Affected PAN-OS versions: 5.0.x before 5.0.18; 5.1.x before 5.1.11; 6.0.x before 6.0.13; 6.1.x before 6.1.10; 7.0.x before 7....

AKIPS Network Monitor 16.5 OS Command Injection

Exploit Title: AKIPS Network Monitor 15.37-16.6 OS Command Injection Date: 03-14-2016 Exploit Author: BrianWGray Contact: https://twitter.com/BrianWGray WebPage: http://somethingbroken.com/ Vendor Homepage: https://www.akips.com/ Software Link: https://www.akips.com/showdoc/download Version: 15.3...

AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection

Exploit for perl platform in category web applications Exploit Title: AKIPS Network Monitor 15.37-16.6 OS Command Injection Date: 03-14-2016 Exploit Author: BrianWGray Contact: https://twitter.com/BrianWGray WebPage: http://somethingbroken.com/ Vendor Homepage: https://www.akips.com/ Software Lin...

AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection

AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Exploit Title: AKIPS Network Monitor 15.37-16.6 OS Command Injection Date: 03-14-2016 Exploit Author: BrianWGray Contact: https://twitter.com/BrianWGray WebPage: http://somethingbroken.com/ Vendor Homepage: https://www.akips.com/...

AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection

Exploit Title: AKIPS Network Monitor 15.37-16.6 OS Command Injection Date: 03-14-2016 Exploit Author: BrianWGray Contact: https://twitter.com/BrianWGray WebPage: http://somethingbroken.com/ Vendor Homepage: https://www.akips.com/ Software Link: https://www.akips.com/showdoc/download Version: 15.3...

Schneider Electric SBO AS - Multiple Vulnerabilities

Schneider Electric SBO AS - Multiple Vulnerabilities Exploit Title: Schneider Electric SBO / AS Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.schneider-electric.com Versions Reported: Automation Server Series AS, AS-P, v1.7 and prior CVE-ID: CVE-2016-2278 About...

Schneider Electric SBO / AS - Multiple Vulnerabilities

Exploit for hardware platform in category remote exploits Exploit Title: Schneider Electric SBO / AS Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.schneider-electric.com Versions Reported: Automation Server Series AS, AS-P, v1.7 and prior CVE-ID: CVE-2016-2278 About...

Schneider Electric SBO / AS - Multiple Vulnerabilities

Exploit Title: Schneider Electric SBO / AS Multiple Vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.schneider-electric.com Versions Reported: Automation Server Series AS, AS-P, v1.7 and prior CVE-ID: CVE-2016-2278 About Schneider Electric’s corporate headquarters is located in...

CVE-2016-2278

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism...

CVE-2016-2278

Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh aka Minimal Shell protection mechanism...

JVN#69854312: baserCMS vulnerable to OS command injection

baserCMS is an open-source Contents Management System CMS. baserCMS contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed on the server by a logged in attacker. Solution Update the Software Update to the latest version according to the information...

phpMyBackupPro 2.5 Shell Upload

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-FILEUPLOADVULN.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...

CVE-2016-1320

The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286...

Damn Vulnerable Web Services: DVWS

Damn Vulnerable Web Services is a vulnerable testing environment that can be used to learn real world web service vulnerabilities. The aim of this project is to aid security professionals in testing their skills and tools in a legal environment. This application is designed to understand the...

D-Link DCS-930L Authenticated Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link DCS-930L Authenticated Remote Command Execution', 'Description' = %q The D-Link DCS-930L Network Video Camera is vulnerable t...

CVE-2016-1141

KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors...

HOME SPOT CUBE vulnerable to OS command injection

Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains an OS command injection vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...