Ubuntu: Security Advisory (USN-6806-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Cisco UCS-IMC Supervisor 2.2.0.0 Authentication Bypass
Exploit Title: Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass + Cisco IMC Supervisor - 2.2.1.0 + Date: 08/21/2019 + Affected Component: /app/ui/ClientServlet?apiName=GetUserInfo + Vendor:...
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass Vulnerability
Exploit Title: Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass + Cisco IMC Supervisor - 2.2.1.0 + Affected Component: /app/ui/ClientServlet?apiName=GetUserInfo + Vendor:...
Inductive Automation Ignition Remote Code Execution Exploit
This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 to and including 8.0.7. This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an...
IBM Data Risk Manager 2.0.3 Default Password Exploit
This Metasploit module abuses a known default password in IBM Data Risk Manager. The a3user has the default password idrm and allows an attacker to log in to the virtual appliance via SSH. This can be escalated to full root access, as a3user has sudo access with the default password. At the time o...
Asus Unauthenticated LAN Remote Command Execution Exploit
Exploit for hardware platform in category remote exploits. Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in AsusWRT Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to LAN remote command execution on any Asus router. AsusWRT is “THE...
NETGEAR WNR2000v5 remote code execution vulnerability
No description provided by source. Source: https://raw.githubusercontent.com/pedrib/PoC/master/exploits/netgearPwn.rb Remote code execution in NETGEAR WNR2000v5 - by Pedro Ribeiro / Agile Information Security. Released on 20/12/2016. NOTE: this exploit is "alpha" quality, however t...
NETGEAR WNR2000v5 - Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits. Source: https://raw.githubusercontent.com/pedrib/PoC/master/exploits/netgearPwn.rb Remote code execution in NETGEAR WNR2000v5 - by Pedro Ribeiro / Agile Information Security. Released on 20/12/2016. NOTE: this exploit is...
NETGEAR WNR2000v5 - Remote Code Execution
NETGEAR WNR2000v5 - Remote Code Execution. Remote code execution in NETGEAR WNR2000v5 - by Pedro Ribeiro / Agile Information Security. Released on 20/12/2016. NOTE: this exploit is "alpha" quality and has been deprecated. Please see the modules accepted into the Metasploit framework...
Netgear WNR2000v5 - Remote Code Execution
Remote code execution in NETGEAR WNR2000v5 - by Pedro Ribeiro / Agile Information Security. Released on 20/12/2016. NOTE: this exploit is "alpha" quality and has been deprecated. Please see the modules accepted into the Metasploit framework, or...
D-Link DIR-Series Routers - HNAP Login Stack Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' Payload working status: MIPS: - all valid payloads working the ones that we are able to send without null bytes ARM: - inline rev/bind shell works...
WebNMS Framework 5.2SP1 File Upload
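WebNMS is an industry-leading framework for building network management applications. The upload feature has directory traversal and remote code execution vulnerabilities. Vulnerability details: FileUploadServlet allows JSP files to be uploaded without logging in. Submit the following POST request: POST /servlets/FileUploadServlet?fileName=../jsp/Login.jsp HTTP/1.1 Tested successfully against the official Windows trial version: http://www.webnms.com/webnms/14107380/WebNMSFramework5STDWindows.exe Other information: Vulnerability discovered by: Pedro Ribeiro...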
WebNMS Framework 5.2SP1 Text File Download
Summary: WebNMS is an industry-leading framework for building network management applications. The file download feature does not require login, so any text (non-binary) file can be downloaded. Vulnerability details: FetchFile allows files to be downloaded without logging in, but only the text content of the...
Netgear Pro NMS 300 Code Execution / File Download
Remote code execution / arbitrary file download in NETGEAR ProSafe Network Management System NMS300. Discovered by Pedro Ribeiro, Agile Information Security http://www.agileinfosec.co.uk/ Disclosure:...
Netgear ProSafe Network Management System NMS300 - Multiple Vulnerabilities
Exploit for hardware platform in category web applications. Remote code execution / arbitrary file download in NETGEAR ProSafe Network Management System NMS300. Discovered by Pedro Ribeiro, Agile Information Security http://www.agileinfosec.co.uk/...
Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload
Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload. #!/usr/bin/ruby kazPwn.rb - Kaseya VSA v7 to v9.1 authenticated arbitrary file upload (CVE-2015-6589 / ZDI-15-450) by Pedro Ribeiro / Agile Information Security. Disclosure date: 28/09/2015 Usage...
Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload
#!/usr/bin/ruby kazPwn.rb - Kaseya VSA v7 to v9.1 authenticated arbitrary file upload (CVE-2015-6589 / ZDI-15-450) by Pedro Ribeiro / Agile Information Security. Disclosure date: 28/09/2015 Usage: ./kazPwn.rb https://:port execjs and mechanize gems are required to run this exploit...
Kaseya Virtual System Administrator File Download / Open Redirect Vulnerabilities
Kaseya Virtual System Administrator suffers from arbitrary file download and open redirection vulnerabilities. Two vulns in Kaseya Virtual System Administrator - an authenticated arbitrary file download and two lame open redirects. Full advisory text below and at [1]. Thanks to CERT for helping me to...
ICU library 52 < 54 - Multiple Vulnerabilities
Heap overflow and integer overflow in ICU library v52 to v54. Discovered by Pedro Ribeiro, Agile Information Security. Disclosure: 04/05/2015 / Last updated: 07/05/2015 Background on the affected...
SysAid Help Desk 14.4 Code Execution / Denial Of Service / Traversal / SQL Injection
Hi, tl;dr: Found lots of vulns in SysAid Help Desk 14.4, including RCE. SysAid have informed me they all have been fixed in 15.2, but no re-test was performed. Full advisory below, and a copy can be obtained at [1]. 5 Metasploit modules have been released and are currently awaiting merge in the moderati...