CVE-2019-10123

SQL Injection in Advanced InfoData Systems AIS ESEL-Server 67 which is the backend for the AIS logistics mobile app allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user...

AIS Logistics ESEL-Server SQL Injection / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AIS logistics ESEL-Server Unauth SQL Injection RCE', 'Description' = %q This module will execute an arbitrary payload on an "ESEL" server used by...

McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure Exploit

This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 's...

McAfee ePolicy Orchestrator Authenticated XXE Credential Exposure

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' class Metasploit3 'McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure', 'Description' = %q This module will exploit a...

Have to say by the campus network see Network Security status-vulnerability warning-the black bar safety net

Preface originally really do not want to write this article, but really can not let people endure. Did not expect the school campus network security situation is actually so bad, one of the most impressive Willy-nilly. Or administrator of quality and safety awareness. Status of the recall a year...