18 matches found
CVE-2024-39148
The service wmp-agent of KerOS prior 5.12 does not properly validate so-called ‘magic URLs’ allowing an unauthenticated remote attacker to execute arbitrary OS commands as root when the service is reachable over network. Typically, the service is protected via local firewall...
NEC Aterm 安全漏洞
The NEC Aterm is a series of wireless routers from Nippon Electric NEC. A security vulnerability exists in NEC Aterm that originates from allowing an attacker to execute arbitrary operating system commands with root privileges over the Internet. The following products are affected: WG1800HP4,...
MiniDVBLinux 5.4 Remote Root Command Execution
!/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Execution Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based o...
MiniDVBLinux 5.4 Remote Root Command Injection
!/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based o...
DrayTek Vigor Series Arbitrary Command Execution Vulnerability
The DrayTek Vigor300B is an enterprise-class router. The DrayTek Vigor300B cgi-bin/mainfunction.cgi URI fails to properly handle SHELL characters, which can be exploited by a remote attacker to submit a special request to execute arbitrary commands with ROOT privileges...
CVE-2019-17509
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php...
Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution Vulnerability
Exploit for linux platform in category remote exploits Exploit Title: Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3 Vendor KB: https://support.emc.com/kb/521234 Github:...
Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution
Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Exploit Title: Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Date: 2018-06-21 Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3 Exploit Author: Paul Taylor Vendor Advisory: DSA-2018-095 Vendor KB...
Linksys WVBR0 25 Command Injection(CVE-2017-17411)
In this guest blog, Trend Micro DVLabs researcher Ricky Lawshae discusses the recently disclosed CVE-2017-17411. He discovered and reported this bug through the ZDI program. Earlier this year, I learned that AT&T was starting to move customers away from its U-Verse service in favor of its DirecTV...
Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution
i? Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/hardwareproducts/icu-7000-2/ Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1....
Alcasar 2.8 Remote Root Command Execution
!/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db ad88888ba db 88888888ba d88b 88 d8"' "8b d88b d8" "8b d88b 88 "8b d8'8b 88 d8' d8'8b Y8, d8'8b 88 ,8P d8' 8b 88 88 d8' 8b Y8aaaaa, d8' 8b 88aaaaaa8P'...
DD-WRT v24-sp1 - (CSRF) Cross Site Reference Forgery Exploit
No description provided by source. Remote root dd-wrt -------------------------------------------------------------------------------- Written by Michael Brooks Special thanks to str0ke Exploits tested on the newist stable version: Firmware: DD-WRT v24-sp1 07/27/08 micro Product Homepage:...
ACTi ASOC 2200 Web Configurator <= 2.6 - Remote Root Command Execution
No description provided by source. !perl ACTi ASOC 2200 Web Configurator = v2.6 Remote Root Command Execution Dicovery & Author: Todor Donev Author mail: todor.donev@@gmail.com Type: Hardware Vuln Type and Risk: Remote / High ACTi Corporation is the technology leader in IP surveillance, focusing ...
Zoom X4/X5 ADSL Modem and Router -Unauthenticated Remote Root Command Execution
Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Note: A similar vulnerability was reported several years ag...
ACTi ASOC 2200 Web Configurator 2.6 Remote Root Command Execution
!perl ACTi ASOC 2200 Web Configurator + ACTi ASOC 2200 Web Configurator \n"; exit; if! $ARGV1 $cmd = "id"; my $result = get"http://$host/cgi-bin/test?iperf=;$cmd &"; if defined $result print " $cmd\n $result"; else print "- Not Vulnerable\n";...
MicroWorld eScan Antivirus Remote Root Command Execution
!/usr/bin/env python import sys from socket import auther: Mohammed almutairi [email protected] """ MicroWorld eScan Antivirus 1 if $POST'forgot' == "Send Password" $user = $POST"uname"; 2 insecure: vulnerable code in forgotpassword.php and commonfunctions.php in 1 $runasroot =...
Multiple XSRF in DD-WRT (Remote Root Command Execution)
Author: Michael Brooks !!!! I usually don't like posting my leet exploits to bugtraq because it is so unprofessional. You guys usually malform my exploits so they are totally useless, even to someone trying to write a patch! You also tend to get the wrong name! Michael Brooks wrote this! Exploits...
DD-WRT v24-sp1 (XSRF) Cross Site Reference Forgery Exploit
No description provided by source. Remote root dd-wrt -------------------------------------------------------------------------------- Written by Michael Brooks Special thanks to str0ke Exploits tested on the newist stable version: Firmware: DD-WRT v24-sp1 07/27/08 micro Product Homepage:...