16 matches found
CVE-2014-5073
CVE-2014-5073 affects VMTurbo Operations Manager (vmtadmin.cgi) prior to 4.6 build 28657. The vulnerability allows remote command execution via shell metacharacters in the fileDate parameter of a DOWN call, enabling arbitrary commands. Connected sources indicate public exploitation/public PoCs an...
CVE-2014-5073
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call...
CVE-2014-5073
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call...
Code injection
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call...
VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' RCE Vulnerability
VMTurbo Operations Manager is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution
VMTurbo Operations Manager 4.6 and prior are vulnerable to unauthenticated OS Command injection in the web interface. Use reverse payloads for the most reliable results. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic...
VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution', 'Description' = %q VMTurbo Operations Manager 4.6 and prior ar...
VMTurbo Operations Manager 4.6 - 'vmtadmin.cgi' Remote Command Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution', 'Description' = %q VMTurbo Operations Manager 4.6 and prior ar...
VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution
VMTurbo Operations Manager 4.6 and prior are vulnerable to unauthenticated OS Command injection in the web interface. Use reverse payloads for the most reliable results. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic...
CVE-2014-3806
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. dot dot in the xmlpath parameter...
Directory traversal
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. dot dot in the xmlpath parameter...
CVE-2014-3806
Summary: CVE-2014-3806 is a directory traversal vulnerability in VMTurbo Operations Manager prior to 4.6. The issue occurs in the CGI path cgi-bin/help/doIt.cgi via the xml_path parameter, where a leading dot-dot (..) can be used to read arbitrary files. The vulnerability is remote and affects th...
CVE-2014-3806
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. dot dot in the xmlpath parameter...
Directory Traversal Vulnerability in VMTurbo Operations Manager 4.5 or earlier
Product: VM Turbo Operations Manager Vendor: VM Turbo Vulnerable Versions: 4.5.x earlier Tested Version: 4.0 Advisory Publication: April 11, 2014 Vendor Notification: April 11, 2014 Public Disclosure: May 8, 2014 Vulnerability Type: Directory Traversal Discovered and Provided: Jamal Pecou Securit...
VM Turbo Operations Manager < 4.6 Directory Traversal Vulnerability - Active Check
Turbo Operations Manager is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...