9784 matches found
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell
Allied Telesis AT-RG634A ADSL Broadband Router - Web Shell Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing...
VICIdial Manager Send OS Command Injection (CVE-2013-4468)
An OS Command Injection vulnerability has been reported in VICIdial Manager. The vulnerability is due to a web application uses unsanitized user input. A remote attacker could trigger this flaw by using a crafted SQL parameter value...
Webuzo 2.1.3 - Multiple Vulnerabilities
Webuzo 2.1.3 - Multiple Vulnerabilities Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS release 6.2...
Webuzo 2.1.3 - Multiple Vulnerabilities
Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS release 6.2 FINAL CVE : CVE-2013-6041, CVE-2013-6042,...
Webuzo 2.1.3 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS...
Linksys E-Series TheMoon Remote Command Injection
Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used from the so-called "TheMoon" worm. There are many Linksys systems that are potentially vulnerable, including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000,...
Security Advisory: NETGEAR Router D6300B Firmware: V1.0.0.14_1.0.14
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory ID: SYSS-2013-001 Product: NETGEAR Router D6300B / Firmware: V1.0.0.141.0.14 latest Vendor: Netgear Affected Versions: until V1.0.0.141.0.14 latest Tested Versions: V1.0.0.141.0.14 latest Vulnerability Type: Root-Shell, OS Command Injection,...
Netgear D6300B Command Injection / Misconfiguration
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory ID: SYSS-2013-001 Product: NETGEAR Router D6300B / Firmware: V1.0.0.141.0.14 latest Vendor: Netgear Affected Versions: until V1.0.0.141.0.14 latest Tested Versions: V1.0.0.141.0.14 latest Vulnerability Type: Root-Shell, OS Command Injection,...
MediaWiki 1.22.1 PdfHandler Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MediaWiki images/xnz.php 3. access to php-backdoor! http://vulnerable-site/images/xnz.php?1=rm%20-rf%20%2f%20--no-preserve-root 4. happy pwning!! Related files: thumb.php -- extract all GET array to params /extensions/PdfHandler/PdfHandlerbody.php --...
SEC Consult SA-20140122-0 :: Critical vulnerabilities in T-Mobile HOME NET Router LTE (Huawei B593u-12)
SEC Consult Vulnerability Lab Security Advisory 20140122-0 ======================================================================= title: Multiple critical vulnerabilities product: T-Mobile HOME NET Router LTE / Huawei B593u-12 vulnerable version: V100R001C54SP063 T-Mobile Austria fixed version:...
Netgear DGN2000 telnet远程访问漏洞
Netgear DGN2000是一款路由器设备。 Netgear DGN2000默认存在监听TCP 32764端口的telnet服务,允许远程攻击者利用漏洞提交特制的请求执行任意OS命令。 0 Netgear DGN2000 目前没有详细解决方案提供: http://www.downloads.netgear.com/files/GDC/DGN2000/dgn2000ds18july08.pdf...
Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities
Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities Title: Ditto Forensic FieldStation, multiple vulnerabilities Versions affected: = 2013Oct15a all Vendor: CRU Wiebetech Discovered by: Martin Wundram Email: [email protected] Date found: 2013-04-22 Date published: 2013-12-12...
VICIdial Manager Send OS Command Injection Vulnerability
The file agc/managersend.php in the VICIdial web application uses unsanitized user input as part of a command that is executed using the PHP passthru function. A valid username, password and session are needed to access the injection point. Fortunately, VICIdial has two built-in accounts with...
Raidsonic NAS Devices Unauthenticated Remote Command Execution
Different Raidsonic NAS devices are vulnerable to OS command injection via the web interface. The vulnerability exists in timeHandler.cgi, which is accessible without authentication. This Metasploit module has been tested with the versions IB-NAS5220 and IB-NAS4220. Since this module is adding a...
Raidsonic NAS Devices - Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Raidsonic NAS Devices Unauthenticated...
Raidsonic NAS Devices Unauthenticated Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Raidsonic NAS Devices Unauthenticated...
D-Link Devices UPnP SOAP Telnetd Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'D-Link Devices UPnP SOAP Telnetd...
[CORE-2013-0809] Sophos Web Protection Appliance Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Sophos Web Protection Appliance Multiple Vulnerabilities 1. Advisory Information Title: Sophos Web Protection Appliance Multiple Vulnerabilities Advisory ID: CORE-2013-0809 Advisory URL:...
Sophos Web Protection Appliance - Multiple Vulnerabilities
Sophos Web Protection Appliance - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Sophos Web Protection Appliance Multiple Vulnerabilities 1. Advisory Information Title: Sophos Web Protection Appliance Multiple Vulnerabilities Advisory ID: CORE-2013-08...
Sophos Web Protection Appliance - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Sophos Web Protection Appliance Multiple Vulnerabilities 1. Advisory Information Title: Sophos Web Protection Appliance Multiple Vulnerabilities Advisory ID: CORE-2013-0809 Advisory URL:...