1222 matches found
Malicious GIT HTTP Server
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Git HTTP Server For CVE-2017-1000117', 'Description' = %q This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and...
WCR-1166DS vulnerable to OS command injection
Overview WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability CWE-78. Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...
Remote Code Execution (RCE)
OrientDB Core is vulnerable to remote code execution RCE attacks. Permissions are not enforced on a user executing a statement to the ORole structure containing a where, fetchplan or order by statement. By executing a groovy function where the groovy wrapper doesn't have a sandbox, any system...
OS command injection vulnerability in Toshiba Lighting & Technology Corporation Home gateway
Overview Home gateway provided by Toshiba Lighting & Technology Corporation contains OS command injection. Yutaka Kokubu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
Crypttech CryptoLog - Remote Code Execution (Metasploit)
Crypttech CryptoLog - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Crypttech CryptoLog Remote Code Execution", 'Description' = %q This module exploits the sql...
Crypttech CryptoLog - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Crypttech CryptoLog Remote Code Execution", 'Description' = %q This module exploits the sql injection and command injection vulnerability of...
Operating System Command Injection
OS command injection occurs when user supplied input is used to form a command to be executed by the operating system. Scanner was able to inject specific Operating System commands and have the output from that command contained within the server response. This indicates that input is not being...
CVE-2014-3582
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster...
The regular expression uses the improper triggering of the system command execution vulnerability-vulnerability warning-the black bar safety net
Sometimes, through a regular expression to the string of white list filter is not good。 This example demonstrates a regular expression in the string to the white list filter of time may lead to the OSCI(Operating System Command Injection)vulnerabilities. 0x01 text The test code is as follows:...
NETGEAR DGN2200 Remote Command Execution
0x00 summary NETGEAR DGN2200 router ping. the cgi script does not have to enter parameters for authentication, the result can be constructed in a specific request to perform system command. 0x01 details Through the capture, the parameters will be pingIPAddr the IP address back add;cmdto perform a...
S2-045: Struts 2 Remote Code Execution vulnerability(CVE-2017-5638)
Based on the Jakarta plugin plugin Struts remote code execution vulnerability, a malicious user can upload a file by modifying the HTTP request header Content-Type value to trigger the vulnerability, and then execute the system command. Sound detection methodthe detection method by the constant...
dotCMS contains multiple vulnerabilities
Overview The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected. Description CWE-352: Cross-Site Request Forgery CSRF...
AlienVault OSSIM/USM Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...
Sophos Web Appliance Command Injection Vulnerability
Sophos Web Appliance is a web security gateway solution. An input validation vulnerability in the MgrReport.php file in the web management interface of the Sophos Web Appliance could be exploited by an attacker to submit a special request to inject a system command and execute it...
Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution
This module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. saveCert.ims...
Palo Alto Networks PanOS root_trace - Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=912 The setuid root executable /usr/local/bin/roottrace essentially just does setuid0 then system"/usr/local/bin/masterd", which is a python script: $ ls -l...
The use of Python code implementing the Web application of the injection-vulnerability warning-the black bar safety net
Vulnerability overview If your Web application exists in the Python code injection vulnerability, the attacker can use your Web applications to your back-end server of the Python parser to send malicious Python code. This also means that if you can on the target server execute Python code, you ca...
Symantec Web Gateway System Command Injection Vulnerability
Symantec Web Gateway is a spam filter that combines anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec USA. A system command injection vulnerability exists in Symantec Web Gateway version 5.2.2. The code for the vulnerability is located in the...
ZKTeco ZKBioSecurity 3.0 hard-coded login credentials and remote system command execution
No description provided by source...
ZYCOO IP Phone System - Remote Command Execution
Exploit for cgi platform in category web applications Vulnerable hardware : ZYCOO IP phone system Vendor : zycoo.com Author : Ahmed sultan @0x4148 Email : email protected Summary : According to the vendor's site , CooVox Series IP Phone System is the most innovative solution for VoIP...