Sharepoint Dynamic Proxy Generator Remote Command Execution Exploit

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers t...

OpenNMS Horizon 31.0.7 Remote Command Execution Exploit

This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLEFILESYSTEMEDITOR privileges and either ROLEADMIN or ROLEREST. For versio...

Sharepoint Dynamic Proxy Generator Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' class MetasploitModule 'Sharepoint Dynamic Proxy Generator Unauth RCE', 'Description' = %q This module exploits two vulnerabilities in Sharepoint...

The vulnerability of the formSetSambaConf() function (/goform/setsambacfg) in the Tenda AC10U router software allows a attacker to execute arbitrary commands.

The vulnerability of the formSetSambaConf function /goform/setsambacfg of the Tenda AC10U router software is related to the failure to take measures to neutralize special elements used in the OS command when processing the usbName parameter. Exploiting this vulnerability allows a remote attacker ...

The vulnerability of the formSetSambaConf() function (/goform/setsambacfg) in the Tenda AC15 router microprogramming software allows a attacker to execute arbitrary commands.

The vulnerability of the formSetSambaConf function /goform/setsambacfg of the Tenda AC15 router software is related to the failure to take measures to neutralize special elements used in the OS command when processing the parameter usbName. Exploiting this vulnerability allows a remote attacker t...

PT-2024-22208

Name of the Vulnerable Software and Affected Versions NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...

PT-2024-22211

Name of the Vulnerable Software and Affected Versions NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...

CVE-2024-27521

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote command execution RCE vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows...

TOTOLINK A3300R 安全漏洞

The TOTOLINK A3300R is a dual-band wireless router. A command execution vulnerability exists in the TOTOLINK A3300R, which stems from a Remote Command Execution RCE vulnerability in multiple parameters of the setOpModeCfg function, which can be exploited by an attacker to execute arbitrary system...

CVE-2024-27521

The CVE-2024-27521 issue affects TOTOLINK A3300R (version 17.0.0cu.557_B20221024). An unauthenticated remote command execution flaw exists in the setOpModeCfg function, allowing an attacker to execute arbitrary system commands with root privileges. Impact is device takeover via remote abuse, with...

CVE-2024-27521

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote command execution RCE vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows...

The vulnerability of the formWriteFacMac function (/goform/WriteFacMac) in the Tenda AC10U router software, which allows a hacker to execute arbitrary commands.

The vulnerability of the formWriteFacMac function /goform/WriteFacMac in the Tenda AC10U router software relates to the failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2024-27521

TOTOLINK A3300R V17.0.0cu.557B20221024 was discovered to contain an unauthenticated remote command execution RCE vulnerability via multiple parameters in the "setOpModeCfg" function. This security issue allows an attacker to take complete control of the device. In detail, exploitation allows...

CVE-2024-24897 Remote command execution in A-Tune-Collector

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files...

CVE-2024-24897 Remote command execution in A-Tune-Collector

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files...

LunarNight Laboratory WebProxy 安全漏洞

Lunarnight Laboratory LunarNight Laboratory WebProxy is a perl script for web proxies from Lunarnight Laboratory Vietnam. A security vulnerability exists in LunarNight Laboratory WebProxy versions 1.7.8 through 1.7.9 that originates from a vulnerability that could allow an unauthenticated, remote...

CVE-2024-27438 Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution

Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code...

CVE-2024-27438 Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution

Download of Code Without Integrity Check vulnerability in Apache Doris. The jdbc driver files used for JDBC catalog is not checked and may resulting in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use arbitrary driver jar file with unchecked code...

CVE-2024-27438

CVE-2024-27438 affects Apache Doris. The vulnerability arises from downloading and loading arbitrary JDBC driver jars used by the JDBC catalog, enabling remote command execution when a catalog is initialized with unchecked code snippets. Affected versions are Doris 1.2.0 through 2.0.4; upgrade to...

CVE-2023-35899

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file...