898 matches found

OSV
added 2017/05/05 6:29 p.m., 12 views

CVE-2017-8799

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...

9.8 CVSS, 7.5 AI score
Exploits: 0, References: 1
Cvelist
added 2017/05/05 6:0 p.m., 17 views

CVE-2017-8799

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...

9.7 AI score, 0.0092 EPSS
Exploits: 0, References: 1
Check Point Advisories
added 2017/04/27 12:0 a.m., 3 views

Oracle Solaris Remote Shell Code Execution (CVE-2017-3623)

A security bypass vulnerability has been reported in Oracle Solaris. The vulnerability is due to an error in the way the server validates RPC requests from unauthorized users. A remote attacker can exploit this issue by sending specially crafted RPC requests to the target. Successful exploitation...

10 CVSS, 3.3 AI score, 0.78312 EPSS
Exploits: 5
Packet Storm
added 2017/04/27 12:0 a.m., 33 views

Easy File Uploader Remote Shell Upload

Exploit Title: Easy File Uploader - Arbitrary File Upload Date: 27/04/2017 Exploit Author: Daniel Godoy Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287 Tested on: GNU/Linux GREETZ: Rodrigo...

7.4 AI score
Exploits: 0
Exploit DB
added 2017/04/24 12:0 a.m., 22 views

LogRhythm Network Monitor - Authentication Bypass / Command Injection

Exploit Title: LogRhythm Network Monitor Auth Bypass Root RCE Public Disclosure Date: 24 Apr 2017 Author: Francesco Oddo Reference: http://security-assessment.com/files/documents/advisory/Logrhythm-NetMonitor-Advisory.pdf Software Link: https://logrhythm.com/network-monitor-freemium/ Version:...

7.4 AI score
Exploits: 0
OpenVAS
added 2017/04/11 12:0 a.m., 18 views

SenNet Data Logger Appliances and Electricity Meters Multiple Vulnerabilities

The remote SenNet Appliances is affected by multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.5 AI score
Exploits: 0, References: 1
Packet Storm
added 2017/04/06 12:0 a.m., 65 views

SenNet Data Logger / Electricity Meter Code Execution

SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities Note: Vendor has released the fix. Details to be documented in ICS-CERT Advisory. About SenNet is a trademark of Satel Spain that offers monitoring and remote-control solutions for businesses. Our engineers develop,...

0.1 AI score
Exploits: 0
0day.today
added 2017/03/17 12:0 a.m., 47 views

Ubiquiti Networks Command Injection Vulnerability

Exploit for hardware platform in category web applications ======================================================================= title: Authenticated Command Injection product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23,...

0.2 AI score
Exploits: 0
Amazon
added 2017/03/06 12:0 a.m., 38 views

Important: python-crypto

Issue Overview: A heap-buffer overflow vulnerability was discovered in cryptopp. This vulnerability can be used to remotely gain access to shell. Affected Packages: python-crypto Issue Correction: Run yum update python-crypto or yum update --advisory ALAS-2017-801 to update your system. Run yum...

9.8 CVSS, 9.8 AI score, 0.13624 EPSS
Exploits: 1
CNVD
added 2017/03/06 12:0 a.m., 3 views

Root privilege backdoor vulnerability in DBL Technology GSM voice gateway

DBL Technology is a communication equipment manufacturer located in Shenzhen, China. Its main products include GSM voice gateway, IP telephony gateway, enterprise softswitch, etc., which are mostly used by telephony companies and VoIP service providers. A root privilege backdoor vulnerability...

7.2 AI score
Exploits: 0, References: 1
CNVD
added 2017/02/17 12:0 a.m., 1 views

SQL command execution vulnerability in the sysId parameter of Wyspeed V2 video conferencing system

Vizz V2 Video Conferencing System is a video conferencing system. A SQL command execution vulnerability exists in the sysId parameter of the Vizz V2 video conferencing system. It allows an attacker to remotely write a shell and gain server privileges...

7.9 AI score
Exploits: 0, References: 1
OSV
added 2017/02/13 9:59 p.m., 1 views

CVE-2017-5169

An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Po...

7.5 CVSS, 6.1 AI score, 0.00295 EPSS
Exploits: 0, References: 2
Prion
added 2017/02/13 9:59 p.m., 8 views

Cross site request forgery (csrf)

An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Po...

5.1 CVSS, 8.2 AI score, 0.00295 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2017/02/13 12:0 a.m., 1 views

Hanwha Techwin Smart Security Manager Cross-Site Request Forgery Vulnerability

Hanwha Techwin Smart Security Manager is the software management platform. Hanwha Techwin Smart Security Manager has a cross-site request forgery vulnerability in an installed Redis/Apache Felix Gogo server that can be exploited by an attacker to access a remote shell session...

7.5 CVSS, 7 AI score, 0.00295 EPSS
Exploits: 0, References: 1
Prion
added 2017/02/01 5:59 p.m., 13 views

Hardcoded credentials

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell...

9.4 CVSS, 7.3 AI score, 0.00272 EPSS
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2017/02/01 5:59 p.m., 15 views

CVE-2016-8491

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell...

9.4 CVSS, 9.2 AI score, 0.00272 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2017/02/01 5:0 p.m., 10 views

CVE-2016-8491

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell...

7.4 AI score, 0.00272 EPSS
Exploits: 0, References: 2
Cvelist
added 2017/02/01 5:0 p.m., 17 views

CVE-2016-8491

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell...

9.3 AI score, 0.00272 EPSS
Exploits: 0, References: 2
n0where
added 2017/01/24 7:0 a.m., 51 views

WordPress Exploit Framework

WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. Requirements Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command...

0.7 AI score
Exploits: 0, References: 2
NVD
added 2017/01/13 7:59 p.m., 11 views

CVE-2010-5327

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template...

8.8 CVSS, 8.7 AI score, 0.01182 EPSS
Exploits: 0, References: 6