9783 matches found
Nagios XI Network Monitor Graph Explorer Component Command Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Nagios XI Network...
Nagios XI Network Monitor Graph Explorer Component Command Injection
Exploit for unix platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Nagios XI Network Monitor 2011R1.9 OS Command Injection
======= Summary ======= Name: Nagios XI Network Monitor - OS Command Injection Release Date: 30 November 2012 Reference: NGS00196 Discoverer: Daniel Compton Vendor: Nagios Vendor Reference: 0000283 Systems Affected: Nagios XI Network Monitor 2011R1.9 Risk: High Status: Published ======== TimeLine...
SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection
This module makes use of the SXPGCOMMANDEXEC Remote Function Call, through the use of the /sap/bc/soap/rfc SOAP service, to inject and execute OS commands. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module i...
Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
Advisory ID: HTB23123 Product: Smartphone Pentest Framework SPF Vendor: Bulb Security LLC Vulnerable Versions: v0.1.2 and probably prior Tested Version: v0.1.2 Vendor Notification: October 24, 2012 Public Disclosure: November 14, 2012 Vulnerability Type: OS Command Injection CWE-78, SQL Injection...
SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection
This module makes use of the SXPGCALLSYSTEM Remote Function Call, through the use of the /sap/bc/soap/rfc SOAP service, to inject and execute OS commands. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is...
PT-2025-31693 · D Link · Dlink Router
Name of the Vulnerable Software and Affected Versions: D-Link routers version 8.04 Description: An authenticated OS command injection vulnerability exists via the tools vct.htm endpoint. The web interface fails to sanitize input passed from the ping ipaddr parameter to the tools vct.htm diagnosti...
Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine. The research was inspired by the vulnerability found by Jon Passki http://osvdb.org/85873. Even if the...
PT-2025-31695 · NetGear · Netgear Routers
Name of the Vulnerable Software and Affected Versions: Netgear routers versions 1.1.00.24 through 1.1.00.45 Description: An authenticated OS command injection vulnerability exists due to improper input neutralization. This allows for command injection through crafted POST requests to the /setup.c...
PT-2025-31687
Name of the Vulnerable Software and Affected Versions D-Link DIR-300 version 1.05 D-Link DIR-615 version 4.13 Description An OS command injection vulnerability exists in multiple D-Link routers via the authenticated tools vct.xgi CGI endpoint. The web interface does not properly sanitize...
E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
This module exploits a command injection vulnerability found in E-Mail Security Virtual Appliance. This module abuses the learn-msg.cgi file to execute arbitrary OS commands without authentication. This module has been successfully tested on the ESVA2057 appliance. This module requires Metasploit...
JVN#99730704: Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in...
NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection
High Risk Vulnerability in Nagios XI Network Monitor 2 July 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor Impact: Nagios XI Network Monitor OS Command Injection Versions affected: Nagios XI Network Monitor 2011R1.9 An updated version of the...
Symantec Web Gateway 5.0.2.8 Multiple Vulnerabilities
Exploit for linux platform in category web applications Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include:...
Symantec Web Gateway 5.0.28 LFI / Code Execution
Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include: https://192.168.82.207/spywall/previewProxyError.php?err=../../../../../../../../etc/passwd File include and OS command...
Dolibarr ERPCRM 3.2.0 3.1.1 - OS Command Injection
Dolibarr ERPCRM 3.2.0 3.1.1 - OS Command Injection Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...
Dolibarr ERP/CRM Post-Auth OS Command Injection
This module exploits a vulnerability found in Dolibarr ERP/CRM 3's backup feature. This software is used to manage a company's business information such as contacts, invoices, orders, stocks, agenda, etc. When processing a database backup request, the export.php function does not check the input...
Dolibarr ERP / CRM OS Command Injection
Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely Exploitable: Yes Locally Exploitable: Yes 3. Software...
Cyberoam Unified Threat Management: OS Command Execution
Hi, Please find below the details of a vulnerability I discovered in Cyberoam UTM device. The Vendor was notified, however I did not receive any response from Vendor despite repeated email reminders. SECURITY ADVISORY: cyberoam-utm-command-executaion Affected Software: Cyberoam CR50ia 10.01.0 bui...
Cyberoam UTM Multiiple Vulnerabilities
Exploit for hardware platform in category web applications Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: OS Command Execution Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured security, connectivity and...