CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

0day.today•added 2014/11/10 12:0 a.m.•54 views

tnftp "savefile" Arbitrary Command Execution Exploit

This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component...

7.5CVSS5AI score0.84981EPSS

Exploits8

FreeBSD•added 2014/11/04 12:0 a.m.•28 views

FreeBSD -- Remote command execution in ftp(1)

Problem Description: A malicious HTTP server could cause ftp1 to execute arbitrary commands. Impact: When operating on HTTP URIs, the ftp1 client follows HTTP redirects, and uses the part of the path after the last '/' from the last resource it accesses as the output filename if '-o' is not...

7.5CVSS5.5AI score0.84981EPSS

Exploits8

Metasploit•added 2014/10/28 12:0 a.m.•7 views

tnftp "savefile" Arbitrary Command Execution

1.1AI score

seebug.org•added 2014/07/01 12:0 a.m.•13 views

BSD bmon <= 1.2.1_2 - Local Exploit

No description provided by source. !/usr/local/bin/bash Written by Idan Nahoum. [email protected] local exploit for FreeBSD/OpenBSD with bmon 1.2.12 installed. when bmon is executed with the -n parameter it popens netcat but fail to provide an absoluth path. some bsds are configured with acls that...

seebug.org•added 2014/07/01 12:0 a.m.•27 views

Sun VirtualBox <= 3.0.6 - Privilege Escalation

No description provided by source. !/bin/sh CVE-2009-3692 Sun VirtualBox = 3.0.6 local root exploit ======================================================== Exploits popen meta char shell injection vulnerability in Sun VirtualBox. E.g. admin@sundevil:/test$ id uid=101admin gid=10staff...

7.2CVSS6.4AI score0.00176EPSS

Exploits6

seebug.org•added 2014/07/01 12:0 a.m.•23 views

VMWare Setuid vmware-mount Unsafe popen(3)

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...

seebug.org•added 2014/07/01 12:0 a.m.•13 views

Cacti <= 0.8.6i cmd.php popen() Remote Injection Exploit

No description provided by source. ?php printr' -------------------------------------------------------------------------------- Cacti = 0.8.6i cmd.php popen injection by rgod dork: intitle:login to cacti mail: retrog at alice dot it site: http://retrogod.altervista.org...

seebug.org•added 2014/07/01 12:0 a.m.•17 views

PHP <= 3.0.13 'safe_mode' Failure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/911/info PHP Version 3.0 is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web...

seebug.org•added 2014/07/01 12:0 a.m.•19 views

SGI IRIX 6.x rpc.xfsmd Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5075/info Throghout the implementation of the supported remote procedure calls, the server uses the popen libc function. When popen is used, arguments passed to the RPC are included in the command string. These arguments...

seebug.org•added 2014/05/27 12:0 a.m.•18 views

Srun3000命令执行第4弹

简要描述：第4弹详细说明： getonlineuser.php 这回有个key需算MD5 不用登陆。 $key = "oeit&^df"; $uname = $GET'uname'; $action = $GET'action'; if $GET'k' != md5 $action.$uname.$key //有个验证算一下就好。 exit ; switch $action case "show4" : $pfd = popen "/srun3/bin/onlineuser -4 -u ".$uname, "r" ; //这里 if $pfd while $con = fgets...

Packet Storm•added 2013/08/29 12:0 a.m.•39 views

VMWare Setuid vmware-mount Unsafe popen(3)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

6.9CVSS6.6AI score0.06135EPSS

Exploit DB•added 2013/08/29 12:0 a.m.•36 views

VMware - Setuid VMware-mount Unsafe popen(3) (Metasploit)

6.9CVSS7.4AI score0.06135EPSS

0day.today•added 2013/08/29 12:0 a.m.•33 views

VMWare Setuid vmware-mount Unsafe popen(3)

VMWare Workstation up to and including 9.0.2 build-1031769 and Player have a setuid executable called vmware-mount that invokes lsbrelease in the PATH with popen3. Since PATH is user-controlled, and the default system shell on Debian-derived distributions does not drop privs, we can put an...

6.9CVSS0.7AI score0.06135EPSS

Metasploit•added 2013/08/27 4:29 a.m.•50 views

VMWare Setuid vmware-mount Unsafe popen(3)

6.9CVSS6.8AI score0.06135EPSS