898 matches found
EMC M&R (Watch4net) - Credential Disclosure
EMC M&R Watch4net - Credential Disclosure Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affecte...
EMC M&R (Watch4net) - Credential Disclosure
Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affected products EMC reports that the following...
ElasticSearch Unauthenticated Remote Code Execution Exploit
Exploit for linux platform in category remote exploits !/bin/python2 coding: utf-8 Author: Darren Martyn, Xiphos Research Ltd. Version: 20150309.1 Licence: WTFPL - wtfpl.net import json import requests import sys import readline readline.parseandbind'tab: complete' readline.parseandbind'set...
RSform!Pro 1.3.0 Remote Shell Upload
RSform!Pro There is a reflected XSS Vulnerability in the form .. Birthdate parameter alert1337...
RStickets! 1.0.0 Remote Shell Upload
RStickets! RSTickets!" is no longer sold / developed POC: Upload shell.php.zip from the form and the shell will be uploaded to the server on this path components/comrstickets/files/ and it will be executable May be another versions are vulnerable also to the same vulnerability = XSS In name...
BMC TrackIt! 11.3 Unauthenticated Local User Password Change
BMC TrackIt! 11.3 Unauthenticated Local User Password Change Trial available here: http://www.trackit.com A Metasploit pull request has been made here: https://github.com/rapid7/metasploit-framework/pull/4359 BMC TrackIt! 11.3 when installed with TrackItWeb! allows an unauthenticated user to chan...
Drupal HTTP Parameter Key/Value SQL Injection
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Drupal HTTP Parameter Key/Value SQL Injection', 'Description' = %q This module exploits the Drupal HTTP Parameter Key/Value SQL...
Drupal HTTP Parameter Key/Value SQL Injection Vulnerability
This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (the issue was fixed in 7.32). This module requires Metasploit:...
Drupal HTTP Parameter Key/Value SQL Injection
This module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 (the issue was fixed in 7.32). Two methods are available to trigger the PHP payload on the target: - set...
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)
I found a serious security vulnerability in the Slideshow Gallery plugin. This bug allows an attacker to upload any php file remotely to the vulnerable website administrator by default. I have tested and verified that having the current version of the...
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload Python !/usr/bin/env python WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability CVE-2014-5460 Vulnerability discovered by: Jesus...
WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload Vulnerability
No description provided by source. Summary: WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability. Found by: Jesus Ramirez Pichardo @whitexploit http://whitexploit.blogspot.mx/ Date: 2014-08-28 Vendor Homepage: http://tribulant.com/ Software: Slideshow...
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload
Summary: WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability. Found by: Jesus Ramirez Pichardo @whitexploit http://whitexploit.blogspot.mx/ Date: 2014-08-28 Vendor Homepage: http://tribulant.com/ Software: Slideshow Gallery Version: 1.4.6 Software Lin...
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload Summary: WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability. Found by: Jesus Ramirez Pichardo @whitexploit http://whitexploit.blogspot.mx/ Date: 2014-08-28 Vendor Homepage:...
Kiddo - remote shell upload
The kiddo WordPress theme was affected by a remote shell upload security vulnerability...
ThisWay - remote shell upload
The thisway WordPress theme was affected by a remote shell upload security vulnerability...
Amerisale-Re - Remote Shell Upload
The amerisale-re WordPress plugin was affected by a Remote Shell Upload security vulnerability...
FCKeditor Deans With Pwwangs Code <= 1.0.0 - Remote Shell Upload
The deans-fckeditor-with-pwwangs-code-plugin-for-wordpress WordPress plugin was affected by a Remote Shell Upload security vulnerability...
Raritan PowerIQ 4.1.0 - SQL Injection Vulnerability
Exploit for linux platform in category web applications =begin Raritan PowerIQ suffers from an unauthenticated SQL injection vulnerability within an endpoint used during initial configuration of the licensing for the product. This endpoint is still available after the appliance has been fully...
Node Browserify 4.2.0 - Remote Code Execution
Node Browserify 4.2.0 - Remote Code Execution !/usr/bin/python """ Browserify POC exploit http://iops.io/blog/browserify-rce-vulnerability/ To run, just do: $ python poc.py exploit.js $ browserify exploit.js BITCH I TOLD YOU THIS SHIT IS FABULOUS garbage output ,,,1 00:08:32 up 12:29, 3 users, lo...