11233 matches found
Polycom Shell HDX Series - Traceroute Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Polycom Shell HDX Series Traceroute Command Execution', 'Description' = %q Within Polycom command shell, a command execution flaw exists in lan...
CVE-2017-13160
CVE-2017-13160 is a remote code execution in Android’s Bluetooth subsystem affecting Android 7.0, 7.1.1, 7.1.2 and 8.0 (Android ID A-37160362). The vulnerability is classified as RCE and received a Critical/High-severity rating in the Android bulletin, with impact described as arbitrary code exec...
Critical Flaw in Major Android Tools Targets Developers and Reverse Engineers
Finally, here we have a vulnerability that targets Android developers and reverse engineers, instead of app users. Security researchers have discovered an easily-exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to stea...
Polycom HDX Series RCE
When doing external assessments you spend a decent amount of time footprinting your target and finding possible avenues of attack. Given a large corporate, you are pretty likely to hit video conferencing end-points. This post details a vulnerability in one of these video conferencing systems, the...
Polycom Shell HDX Series Traceroute Command Execution Exploit
Within Polycom command shell, a command execution flaw exists in lan traceroute, one of the dev commands, which allows for an attacker to execute arbitrary payloads with telnet or openssl. This module requires Metasploit: https://metasploit.com/download Current source:...
Polycom Shell HDX Series Traceroute Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Polycom Shell HDX Series Traceroute Command Execution', 'Description' = %q Within Polycom command shell, a command execution flaw exists in lan...
Apache Tomcat HTTP PUT JSP File Upload RCE
The HTTP server running on the remote host is affected by a flaw that allows a remote unauthenticated attacker to upload a JSP file and execute it. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid105006;...
FreeBSD : mybb -- multiple vulnerabilities (addad6de-d752-11e7-99bf-00e04c1ea73d)
mybb Team reports : High risk: Language file headers RCE Low risk: Language Pack Properties XSS %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and...
HP iMC Plat 7.2 Remote Code Execution
!/opt/local/bin/python2.7 Exploit Title: HP iMC Plat 7.2 dbman Opcode 10008 Command Injection RCE Date: 11-29-2017 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
HP iMC Plat 7.2 - Remote Code Execution Exploit
Exploit for windows platform in category remote exploits !/opt/local/bin/python2.7 Exploit Title: HP iMC Plat 7.2 dbman Opcode 10007 Command Injection RCE Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
CVE-2017-14198
Summary: CVE-2017-14198 affects Squiz Matrix prior to 5.3.6.1 and 5.4.x prior to 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag. The connected CNVD/NVD entries corroborate the affected versions an...
Arbitrary Code Execution
squizlabs/PHPCodeSniffer is vulnerable to remote code execution (RCE) attacks. The library does not properly escape the filepath variable for the generateDiff function, allowing a malicious user to inject and execute arbitrary shell commands...
Remote Code Execution (RCE)
PHPMailer is vulnerable to remote code execution (RCE) attacks. It is possible because it uses escapeshellcmd which does not properly escape the injected extra parameters through the sendmailSend function. Using this flaw, attackers can inject parameters and launch the execution of arbitrary code...
HP iMC Plat 7.2 - Remote Code Execution (2)
!/opt/local/bin/python2.7 Exploit Title: HP iMC Plat 7.2 dbman Opcode 10008 Command Injection RCE Date: 11-29-2017 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
pfSense 2.3.1_1 Remote Command Execution Exploit
pfSense versions 2.3.1_1 and below contain a remote command execution vulnerability post authentication in the systemgroupmanager.php page. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSens...
HP iMC Plat 7.2 - Remote Code Execution
HP iMC Plat 7.2 - Remote Code Execution !/opt/local/bin/python2.7 Exploit Title: HP iMC Plat 7.2 dbman Opcode 10007 Command Injection RCE Date: 11-28-2017 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
Exim Use-After-Free(CVE-2017-16943)
On 23 November, 2017, we reported two vulnerabilities to Exim. These bugs exist in the SMTP daemon and attackers do not need to be authenticated, including CVE-2017-16943 for a use-after-free (UAF) vulnerability, which leads to Remote Code Execution (RCE); and CVE-2017-16944 for a Denial-of-Service D...
HP LaserJet Printers RCE (HPSBPI03569)
According to its model number and firmware revision, the remote HP LaserJet printer is affected by a remote code execution vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid104812; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate",...
FreeBSD : mybb -- multiple vulnerabilities (7761288c-d148-11e7-87e5-00e04c1ea73d)
myBB Team reports : High risk: Installer RCE on configuration file write High risk: Language file headers RCE Medium risk: Installer XSS Medium risk: Mod CP Edit Profile XSS Low risk: Insufficient moderator permission check in delayed moderation tools Low risk: Announcements HTML filter bypass Lo...
mybb -- multiple vulnerabilities
mybb Team reports: High risk: Language file headers RCE Low risk: Language Pack Properties XSS...