898 matches found
Fortinet FortiGate ZebOS routing remote shell service enabled (FG-IR-15-020)
The Fortinet FortiGate device has the ZebOS routing remote shell service enabled.
CVE-2016-3129
A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server GEMS implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf...
CVE-2016-3129
The CVE-2016-3129 entry describes a remote code execution vulnerability in BlackBerry Good Enterprise Mobility Server (GEMS) via the Apache Karaf command shell. Affected versions are 2.1.5.3 through 2.2.22.25. An attacker can execute commands to gain local administrator rights on the GEMS server....
The use of Python code implementing the Web application of the injection-vulnerability warning-the black bar safety net
Vulnerability overview: If your web application has a Python code injection vulnerability, an attacker can use the application to send malicious Python code to the Python interpreter on your back-end server. This also means that if you can execute Python code on the target server, you ca...
Samba 3.0.0 <= 3.0.25rc3 MS-RPC Remote Shell Command Execution Vulnerability - Version Check
Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.
Fedora 23 : ghostscript (2016-1c13825502)
This is a rebase of ghostscript package, to address several security issues : - CVE-2016-7977 - .libfile does not honor -dSAFER - CVE-2013-5653 - getenv and filenameforall ignore -dSAFER - CVE-2016-7976 - various userparams allow %pipe% in paths, allowing remote shell - CVE-2016-7978 - reference...
NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access
Exploit for php platform in category web applications NUUO Backdoor stronguser.php Remote Shell Access Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: fileD...
NUUO NVRmini 2 3.0.8 - strong_user.php Backdoor Remote Shell Access
NUUO NVRmini 2 3.0.8 - stronguser.php Backdoor Remote Shell Access NUUO Backdoor stronguser.php Remote Shell Access Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: fileData = file$file; $this-file = $file; else throw new Ex...
NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access
NUUO Backdoor stronguser.php Remote Shell Access Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: fileData = file$file; $this-file = $file; else throw new Exception"Couldn’t open f...
Iris ID IrisAccess iCAM4000iCAM7000 - Hard-Coded Credentials Remote Shell Access
Iris ID IrisAccess iCAM4000iCAM7000 - Hard-Coded Credentials Remote Shell Access Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/irisaccesssystem/irisaccess4000/...
Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access
Summary The 4th generation IrisAccess™ 7000 series iris recognition solution offered by Iris ID provides fast, secure, and highly accurate, non-contact identification by the iris of the eye. The iCAM7000's versatility and flexibility allows for easy integration with many Wiegand and network based...
Iris ID IrisAccess iCAM4000/iCAM7000 - Hardcoded Credentials Remote Shell Access
Exploit for linux platform in category remote exploits Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/irisaccesssystem/irisaccess4000/...
Iris ID IrisAccess iCAM4000/iCAM7000 - Hard-Coded Credentials Remote Shell Access
Iris ID IrisAccess iCAM4000/iCAM7000 Hardcoded Credentials Remote Shell Access Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/irisaccesssystem/irisaccess4000/ http://www.irisid.com/productssolutions/hardwareproducts/icam4000series/...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the krb5-rsh-server package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
PCMan FTP Server 2.0.7 - 'ls' Remote Buffer Overflow (Metasploit)
=begin Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload Date: 22-06-2016 Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z Exploit Author: quanyechavshuo Contact: [email protected] Website: http://xinghuacai.github.io Category: ft...
Pornhub: [phpobject in cookie] Remote shell/command execution
The researcher was able to exploit a vulnerable deserialization function in PHP leading to remote shell on a production server...
Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command Execution (Metasploit)
Exploit for hardware platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Gemtek CPE7000 - WLTCS-106 sysconf.cgi Unauthenticated Remote Command...
phpshe backend arbitrary file deletion vulnerability
PHPSHE is an online shopping mall building program. An arbitrary file deletion vulnerability exists in the backend of phpshe. Attackers can utilize the vulnerability to obtain unlimited shell...
Wordpress-Exploit-Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems
A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command prompt / terminal in...
Wordpress VideoWhisper Video Conference Remote Shell Upload Exploit
Exploit for php platform in category web applications Exploit Title: Wordpress VideoWhisper Video Conference Remote Shell Upload Exploit Software Link: http://www.videowhisper.com/ Version:all Version Google dork1: inurl:/wp-content/plugins/VideoWhisper Video Conference/ Google dork2:...