Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques

A backdoor is a method for bypassing the normal authentication or encryption of a system. Sometimes developers construct backdoors to their own programs for various reasons. For example, to provide easy maintenance, developers introduce a backdoor that enables them to restore the manufacturer’s...

Node.js third-party modules: Unrestricted file upload (RCE)

I would like to report an unrestricted file upload in express-cart. It allows a user with administrative privileges to upload a file to any path. Module module name: express-cart version: 1.1.5 npm page: https://www.npmjs.com/package/express-cart Module Description expressCart is a fully function...

File Upload Vulnerability in DedeCMS v5.7 SP2

Dream Content Management System DedeCMS is a PHP open source website management system. A file upload vulnerability exists in the uploads/include/uploadsafe.inc.php file in DedeCMS V5.7 SP2, which can be exploited by an attacker to upload script files and obtain a webshell...

Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution

Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution !/usr/bin/env ruby CVE-2018-7600 Drupal &1' ; " bashcmd = "echo " + Base64.strictencode64bashcmd + " | base64 -d" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Function httprequest type data def...

TestLink Open Source Test Management Code Execution

Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e chang...

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution Exploit

Exploit for linux platform in category remote exploits Title: TestLink Open Source Test Management comment out skip-networking as well as bind-add...

Code Execution Vulnerability in HAIRUICMS v2.1.4 Site.asp File

HAIRUICMS HAIRUICMS is developed by HAIRUICMS based on Microsoft ASP and general ACCESS/MSSQL database. A code execution vulnerability exists in the HAIRUICMS v2.1.4 Site.asp file. The vulnerability is due to the incoming parameters are not filtered directly spliced into the configuration file, t...

File Upload Vulnerability in KingCMS Version v5.1

KingCMS is a set of easy to learn, simple to operate open source content management system CMS, support for PHP + sqLite3/MySQL and ASP + ACCESS/MSSQL, dedicated to the professional development of oriented programs and enterprise website construction system. A file upload vulnerability exists in...

TestLink Open Source Test Management &lt; 1.9.16 - Remote Code Execution

Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e change line skip-netw...

TestLink Open Source Test Management Remote Code Execution

Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e chang...

CVE-2018-7271

An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...

CVE-2018-7271

CVE-2018-7271 affects MetInfo 6.0.0. In the installer (install/install.php), the config/config_db.php filtering during installation is insufficient, allowing an attacker to inject malicious code and potentially execute arbitrary commands or obtain a web shell. The root cause is sloppy filtering o...

CVE-2018-7271

An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...

Cambium Networks cnPilot Backdoor Access Elevation of Privilege Vulnerability

Cambium Networks cnPilot is a cloud-enabled managed single-band router product from Cambium Networks, USA. A security vulnerability exists in Cambium Networks cnPilot using firmware version 4.3.2-R4 and earlier. An attacker can exploit the vulnerability by accessing the web shell using the...

CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

Path traversal

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

CVE-2017-5259

Cambium Networks cnPilot firmware versions 4.3.2-R4 and earlier are affected by CVE-2017-5259, which exposes an undocumented root-privilege admin web shell. The vulnerability is accessible via the HTTP path https:///adm/syscmd.asp and is described as a backdoor that allows execution of arbitrary ...

PT-2017-16427

Name of the Vulnerable Software and Affected Versions: Cambium Networks cnPilot firmware versions 4.3.2-R4 and prior Description: The issue concerns an undocumented, root-privilege administration web shell accessible via a specific HTTP path. This path is "https:///adm/syscmd.asp". Recommendation...