D-Link Cookie Command Execution

This module exploits an anonymous remote upload and code execution vulnerability on different D-Link devices. The vulnerability is a command injection in the cookie handling process of the lighttpd web server when handling specially crafted cookie values. This module has been successfully tested ...

Johnson Controls Metasys Unlimited File Upload Vulnerability

Johnson Controls Metasys is a building automation system from Johnson Controls. The system can be networked with weak electronic systems such as fire and security through a variety of open protocols or standard interfaces to provide system integrity for secure access. An unrestricted file upload...