902 matches found
CVE-2019-5162
An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
Improper access control
An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
CVE-2019-5162
An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
CVE-2019-5162
The CVE-2019-5162 issue affects Moxa AWK-3131A firmware v1.13 (iw_webs account settings). A crafted username can overwrite an existing user password, allowing remote shell access as that user when authenticated as a low-privilege user. Talos reports this as an exploitable improper access control ...
Moxa AWK-3131A iw_webs Account Settings Improper Access Control Vulnerability
Summary An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the...
eLection 2.0 - 'id' SQL Injection
Title: eLection 2.0 - 'id' SQL Injection Date: 2020-02-21 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/election-by-tripath/ Software Link: https://sourceforge.net/projects/election-by-tripath/files/Version 2.0 Tested on Ubuntu 19/Kali Rolling The eLection Web...
Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Centreon Poller Authenticated Remote Command Execution', 'Description' = %q TODO , 'Author' = 'Omri Baso', discovery 'Fabien Aunay', discovery...
Centreon Poller Authenticated Remote Command Execution
An authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules to perform certain actions, by the scheduler for data processing, etc. This modul...
Multiple D-Link Products Trust Management Issue Vulnerabilities
The D-Link DIR-600 B1, among others, is a wireless router from AUO D-Link of Taiwan, China. A trust management issue vulnerability exists in multiple D-Link products, which originates from a program with a hard-coded account that can be exploited by an attacker to obtain a remote /bin/sh shell an...
FUDForum 3.0.9 Code Execution / Cross Site Scripting
// Exploit Title : FUDForum 3.0.9 - Stored XSS / Remote Code Execution // Date : 10/26/19 // Exploit Author : liquidsky JMcPeters // Vulnerable Software : FUDForum 3.0.9 // Vendor Homepage : https://sourceforge.net/projects/fudforum/ // Version : 3.0.9 // Software Link :...
Metasploit Pro 4.16 and earlier install the web server SSL server.key as local-user readable by default
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...
Cisco TelePresence CE Software, TC Software and RoomOS Software Elevation of Privilege Vulnerabilities
Cisco RoomOS Software is a suite of automated management software for Cisco devices from Cisco.Cisco TelePresence is a telepresence solution.Cisco TelePresence CE Software is an endpoint in a videoconferencing solution known as a telepresence system. Cisco TelePresence CE Software is an endpoint ...
.WAVs Hide Malware in Their Depths in Innovative Campaign
UPDATE Audio .WAV files are the latest hiding place for obfuscated malicious code; a campaign has been spotted in which malicious content was secretly woven throughout the file’s audio data. The embedded code consists of two different payloads: A XMRig/Monero CPU cryptominer and Metasploit code...
FileThingie 2.5.7 Remote Shell Upload
Exploit Title: FileThingie 2.5.7 - Arbitrary File Upload Author: Cakes Discovery Date: 2019-09-03 Vendor Homepage: www.solitude.dk/filethingie Software Link: https://github.com/leefish/filethingie/archive/master.zip Tested Version: 2.5.7 Tested on OS: CentOS 7 CVE: N/A Intro: Easy arbitrary file...
AutoRDPwn v5.0 - The Shadow Attack Framework
AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This vulnerability listed as a feature by Microsoft allows a remote attacker to view his victim's desktop without his consent, and even control it...
CVE-2019-14923
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/toolall/ host field...
CVE-2019-12325
The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device DoS without authentication or execute code authenticated as a user to spawn a remote shell as a root user...
Buffer overflow
The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device DoS without authentication or execute code authenticated as a user to spawn a remote shell as a root user...
CVE-2019-1576
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions...
CVE-2019-1576
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions...