ISPConfig 3.0.54p1 - (Authenticated) Admin Privilege Escalation

ISPConfig 3.0.54p1 - Authenticated Admin Privilege Escalation Exploit Title: ISPConfig 3 authenticated admin Localroot vulnerability Date: 7/25/14 Exploit Author: mra Vendor Homepage: http://wwwispconfig.org Version: 3.0.54p1 Tested on: ubuntu, centos irc.criten.net elite-chat While logged in as...

The Java Debugger exploits and fixes-vulnerability warning-the black bar safety net

0x0 Foreword Recently found an interesting vulnerability-JAVA open the Debugger mode can execute arbitrary system commands. Need certain Use Conditions, you have to be open to debug the process of setting up a breakpoint, and then use this breakpoint to execute the command of the operation. 0x1...

SmarterStats 6.0 - Multiple Vulnerabilities

No description provided by source. Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload...

jaf cms 4.0 rc2 - Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22665 Reference: http://www.htbridge.ch/advisory/shellcreatecommandexecutioninjafcms.html Product: JAF CMS Vendor: JAF CMS http://jaf-cms.sourceforge.net/ Vulnerable Version: 4.0 RC2 Vendor Notification: 21 October 2010 Vulnerability Type:...

Oracle OTRCREP Oracle 8/9 Home Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3139/info Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. A buffer overflow has been discovered in the handling of $ORACLEHOME ...

Microsoft IIS 4.0/5.0 Executable File Parsing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a specially formed...

Feixun Wireless Router FWR-604H - Remote Code Execution Exploit

No description provided by source. Exploit Title: Feixun FWR-604H Wireless Router Remote Code Execution Date: 2014-01-09 Exploit Author: Arash Abedian http://www.exploit-db.com/author/?a=6187http://www.exploit-db.com/author/?a=6187 Vendor Homepage: http://feixun.com.cn Version: Hardware Version...

SHOUTcast <= 1.9.4 File Request Format String Exploit (Leaked)

No description provided by source. / Shoutcast = 1.9.4 exploit by crash-x Trys to upload the shellcode to a fixed address and execute it. This exploit was not written bei Simon 'Zodiac' Moser segfault.ch. / include stdio.h include stdlib.h include stdarg.h include string.h include sys/types.h...

CVE-2014-3981

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file...

MS-DOS: Arbitrary command execution in MS-DOS

Versions 1.1 and 2.0 of MS-DOS allow a malicious actor to execute arbitrary system commands via the main application interface. Prerequisites: MS-DOS 1.1 or MS-DOS 2.0 installation Input device e.g. keyboard Steps to reproduce: Enter the command mode Type VER to make sure that the system is on of...

Cisco Releases Security Advisory for Cisco Secure Access Control System

Cisco has released a security advisory to address multiple vulnerabilities in Cisco Secure Access Control System ACS. These vulnerabilities affect the following: Cisco Secure ACS RMI Privilege Escalation Vulnerability Cisco Secure ACS RMI Unauthenticated User Access Vulnerability Cisco Secure ACS...

Feixun Wireless Router FWR-604H - Remote Code Execution

Feixun Wireless Router FWR-604H - Remote Code Execution Exploit Title: Feixun FWR-604H Wireless Router Remote Code Execution Date: 2014-01-09 Exploit Author: Arash Abedian http://www.exploit-db.com/author/?a=6187 Vendor Homepage: http://feixun.com.cn Version: Hardware Version 1.0, Firmware Build:...

Feixun Wireless Router FWR-604H - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: Feixun FWR-604H Wireless Router Remote Code Execution Date: 2014-01-09 Exploit Author: Arash Abedian Vendor Homepage: http://feixun.com.cn Version: Hardware Version 1.0, Firmware Build: 7642 Tested on: Hardware Version 1.0,...

Feixun Wireless Router FWR-604H - Remote Code Execution

Exploit Title: Feixun FWR-604H Wireless Router Remote Code Execution Date: 2014-01-09 Exploit Author: Arash Abedian http://www.exploit-db.com/author/?a=6187 Vendor Homepage: http://feixun.com.cn Version: Hardware Version 1.0, Firmware Build: 7642 Tested on: Hardware Version 1.0, Firmware Build:...

Feixun FWR-604H Remote Command Execution

Exploit Title: Feixun FWR-604H Wireless Router Remote Code Execution Date: 2014-01-09 Exploit Author: Arash Abedian http://www.exploit-db.com/author/?a=6187 Vendor Homepage: http://feixun.com.cn Version: Hardware Version 1.0, Firmware Build: 7642 Tested on: Hardware Version 1.0, Firmware Build:...

GLPI 0.84.1 - Multiple Vulnerabilities

GLPI version 0.84.1 suffers from improper access control bypass and PHP code injection vulnerabilities. Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification:...

ZPanel 10.0.0.2 htpasswd Module Username Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ZPanel 10.0.0.2...

PHP create_function injection command execution vulnerability-vulnerability warning-the black bar safety net

In PHP use createfunctionto create an anonymous function, if not strictly to the parameters passed to the filter, the attacker can construct a special string passed to createfunctionto execute arbitrary commands. In the following code as an example: ? php //how to exp this code...

Xoops 2.3.2 Remote Code Execution

!/usr/bin/env python Title: Xoops 2.3.2 "mydirname" Remote Code Execution Exploit CVE: ????-???? Reference: http://secunia.com/advisories/33435/ Author: infodox Site: http://insecurety.net/ Twitter: @infodox Old news, just practicin' my python :3 import requests import sys vulnurl =...

GLSA-201209-08 : SquidClamav: Denial of Service

The remote host is affected by the vulnerability described in GLSA-201209-08 SquidClamav: Denial of Service SquidClamav does not properly escape URLs before passing them to the system command call. Impact : A remote attacker could send a specially crafted URL to SquidClamav, possibly resulting in...