eLection 2.0 - 'id' SQL Injection

Title: eLection 2.0 - 'id' SQL Injection Date: 2020-02-21 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/election-by-tripath/ Software Link: https://sourceforge.net/projects/election-by-tripath/files/Version 2.0 Tested on Ubuntu 19/Kali Rolling The eLection Web...

Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Centreon Poller Authenticated Remote Command Execution', 'Description' = %q TODO , 'Author' = 'Omri Baso', discovery 'Fabien Aunay', discovery...

Centreon Poller Authenticated Remote Command Execution

An authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules to perform certain actions, by the scheduler for data processing, etc. This modul...

Multiple D-Link Products Trust Management Issue Vulnerabilities

The D-Link DIR-600 B1, among others, is a wireless router from AUO D-Link of Taiwan, China. A trust management issue vulnerability exists in multiple D-Link products, which originates from a program with a hard-coded account that can be exploited by an attacker to obtain a remote /bin/sh shell an...

FUDForum 3.0.9 Code Execution / Cross Site Scripting

// Exploit Title : FUDForum 3.0.9 - Stored XSS / Remote Code Execution // Date : 10/26/19 // Exploit Author : liquidsky JMcPeters // Vulnerable Software : FUDForum 3.0.9 // Vendor Homepage : https://sourceforge.net/projects/fudforum/ // Version : 3.0.9 // Software Link :...

Cisco TelePresence CE Software, TC Software and RoomOS Software Elevation of Privilege Vulnerabilities

Cisco RoomOS Software is a suite of automated management software for Cisco devices from Cisco.Cisco TelePresence is a telepresence solution.Cisco TelePresence CE Software is an endpoint in a videoconferencing solution known as a telepresence system. Cisco TelePresence CE Software is an endpoint ...

Metasploit Pro 4.16 and earlier install the web server SSL server.key as local-user readable by default

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to...

.WAVs Hide Malware in Their Depths in Innovative Campaign

UPDATE Audio .WAV files are the latest hiding place for obfuscated malicious code; a campaign has been spotted in which malicious content was secretly woven throughout the file’s audio data. The embedded code consists of two different payloads: A XMRig/Monero CPU cryptominer and Metasploit code...

FileThingie 2.5.7 Remote Shell Upload

Exploit Title: FileThingie 2.5.7 - Arbitrary File Upload Author: Cakes Discovery Date: 2019-09-03 Vendor Homepage: www.solitude.dk/filethingie Software Link: https://github.com/leefish/filethingie/archive/master.zip Tested Version: 2.5.7 Tested on OS: CentOS 7 CVE: N/A Intro: Easy arbitrary file...

AutoRDPwn v5.0 - The Shadow Attack Framework

AutoRDPwn is a post-exploitation framework created in Powershell, designed primarily to automate the Shadow attack on Microsoft Windows computers. This vulnerability listed as a feature by Microsoft allows a remote attacker to view his victim's desktop without his consent, and even control it...

CVE-2019-14923

EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/toolall/ host field...

CVE-2019-12325

The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device DoS without authentication or execute code authenticated as a user to spawn a remote shell as a root user...

Buffer overflow

The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device DoS without authentication or execute code authenticated as a user to spawn a remote shell as a root user...

CVE-2019-1576

Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions...

CVE-2019-1576

Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions...

Command injection

Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions...

CVE-2019-1576

CVE-2019-1576: Command injection in PAN-OS affects PAN-OS 9.0.2 and earlier via the PAN-OS CLI. An authenticated attacker could exploit a failure in input handling to execute arbitrary commands and gain a remote shell with escalated permissions. The root cause is improper filtering during constru...

CVE-2019-1576

Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions...

Command Injection in PAN-OS

A command injection vulnerability exists in the Palo Alto Networks PAN-OS Command Line Interface CLI. Ref PAN-111872/ CVE-2019-1576 Successful exploitation of this issue may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s...

Command Injection in PAN-OS

A command injection vulnerability exists in the Palo Alto Networks PAN-OS Command Line Interface CLI. Ref PAN-111872/ CVE-2019-1576 Successful exploitation of this issue may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s...