
902 matches found

ThreatPost
added 2015/06/08 11:41 a.m., 20 views

Many Drug Pumps Open to Variety of Security Flaws

In April, a security researcher disclosed a litany of severe vulnerabilities in the PCA3 drug-infusion pump manufactured by a company named Hospira. He went so far as to call the pump “the least secure IP enabled device I’ve ever touched in my life.” As it turns out, those same vulnerabilities...

AI score: 0.1
Exploits: 0, References: 3

Patchstack
added 2015/05/15 12:0 a.m., 14 views

WordPress Amerisale Re Plugin - Remote Shell Upload

This plugin is prone to a remote shell upload vulnerability. Solution: Update the plugin...

AI score: 2.5
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2015/05/15 12:0 a.m., 11 views

WordPress FCKeditor Deans With Pwwangs Code Plugin <= 1.0.0 - Remote Shell Upload

This plugin is prone to a remote shell upload vulnerability. Solution: Update the plugin...

AI score: 3.1
Exploits: 0, References: 1, Affected Software: 1

0day.today
added 2015/03/20 12:0 a.m., 62 views

EMC M&R (Watch4net) - Credential Disclosure Vulnerability

It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Abstract It was discovered that EMC M&R Watch4net...

CVSS: 5, EPSS: 0.07647
Exploits: 5

exploitpack
added 2015/03/19 12:0 a.m., 39 views

EMC MR (Watch4net) - Credential Disclosure

EMC MR Watch4net - Credential Disclosure Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affecte...

CVSS: 5, AI score: 6.5, EPSS: 0.07647
Exploits: 5

Exploit DB
added 2015/03/19 12:0 a.m., 47 views

EMC M&R (Watch4net) - Credential Disclosure

Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affected products EMC reports that the following...

CVSS: 5, AI score: 7, EPSS: 0.07647
Exploits: 5

0day.today
added 2015/03/12 12:0 a.m., 147 views

ElasticSearch Unauthenticated Remote Code Execution Exploit

Exploit for linux platform in category remote exploits !/bin/python2 coding: utf-8 Author: Darren Martyn, Xiphos Research Ltd. Version: 20150309.1 Licence: WTFPL - wtfpl.net import json import requests import sys import readline readline.parseandbind'tab: complete' readline.parseandbind'set...

CVSS: 7.5, AI score: 0.2, EPSS: 0.99906
Exploits: 19

Packet Storm
added 2014/12/16 12:0 a.m., 22 views

RStickets! 1.0.0 Remote Shell Upload

RStickets! RSTickets!" is no longer sold / developed POC: Upload shell.php.zip from the form and the shell will be uploaded to the server on this path components/comrstickets/files/ and it will be executable May be another versions are vulnerable also to the same vulnerability = XSS In name...

AI score: 0.2
Exploits: 0

Packet Storm
added 2014/12/16 12:0 a.m., 46 views

RSform!Pro 1.3.0 Remote Shell Upload

RSform!Pro There is a reflected XSS Vulnerability in the form .. Birthdate parameter alert1337...

Exploits: 0

Packet Storm
added 2014/12/11 12:0 a.m., 29 views

BMC TrackIt! 11.3 Unauthenticated Local User Password Change

BMC TrackIt! 11.3 Unauthenticated Local User Password Change Trial available here: http://www.trackit.com A Metasploit pull request has been made here: https://github.com/rapid7/metasploit-framework/pull/4359 BMC TrackIt! 11.3 when installed with TrackItWeb! allows an unauthenticated user to chan...

AI score: 0.3
Exploits: 0

0day.today
added 2014/10/18 12:0 a.m., 167 views

Drupal HTTP Parameter Key/Value SQL Injection Vulnerability

This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32). This module requires Metasploit:...

CVSS: 7.5, AI score: 0.1, EPSS: 0.99974
Exploits: 20

Packet Storm
added 2014/10/18 12:0 a.m., 77 views

Drupal HTTP Parameter Key/Value SQL Injection

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Drupal HTTP Parameter Key/Value SQL Injection', 'Description' = %q This module exploits the Drupal HTTP Parameter Key/Value SQL...

CVSS: 7.5, AI score: 0.7, EPSS: 0.99974
Exploits: 20

Metasploit
added 2014/10/16 5:32 p.m., 175 views

Drupal HTTP Parameter Key/Value SQL Injection

This module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32). Two methods are available to trigger the PHP payload on the target: - set...

CVSS: 7.5, AI score: 10.3, EPSS: 0.99974
Exploits: 20

securityvulns
added 2014/10/14 12:0 a.m., 82 views

WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)

I found a serious security vulnerability in the Slideshow Gallery plugin. This bug allows an attacker to upload any php file remotely to the vulnerable website administrator by default. I have tested and verified that having the current version of the...

CVSS: 6.5, AI score: 0.3, EPSS: 0.7089
Exploits: 11

exploitpack
added 2014/09/16 12:0 a.m., 28 views

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload Python !/usr/bin/env python WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability CVE-2014-5460 Vulnerability discovered by: Jesus...

CVSS: 6.5, AI score: 0.2, EPSS: 0.7089
Exploits: 11

seebug.org
added 2014/09/04 12:0 a.m., 41 views

WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload Vulnerability

No description provided by source. Summary: WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability. Found by: Jesus Ramirez Pichardo @whitexploit http://whitexploit.blogspot.mx/ Date: 2014-08-28 Vendor Homepage: http://tribulant.com/ Software: Slideshow...

AI score: 7.1
Exploits: 0

exploitpack
added 2014/09/01 12:0 a.m., 29 views

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload Summary: WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability. Found by: Jesus Ramirez Pichardo @whitexploit http://whitexploit.blogspot.mx/ Date: 2014-08-28 Vendor Homepage:...

AI score: 0.1
Exploits: 0

Exploit DB
added 2014/09/01 12:0 a.m., 69 views

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload

Summary: WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability. Found by: Jesus Ramirez Pichardo @whitexploit http://whitexploit.blogspot.mx/ Date: 2014-08-28 Vendor Homepage: http://tribulant.com/ Software: Slideshow Gallery Version: 1.4.6 Software Lin...

AI score: 7.4
Exploits: 0

WPVulnDB
added 2014/08/01 10:59 a.m., 10 views

Kiddo - remote shell upload

The kiddo WordPress theme was affected by a remote shell upload security vulnerability...

AI score: 1.8
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2014/08/01 10:59 a.m., 12 views

ThisWay - remote shell upload

The thisway WordPress theme was affected by a remote shell upload security vulnerability...

AI score: 2.2
Exploits: 0, References: 1, Affected Software: 1