2179 matches found

NVD
added 2017/05/16 5:29 p.m. | 17 views

CVE-2017-6079

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side fro...

CVSS 10 | AI score 9.8 | EPSS 0.3236
Exploits 1 | References 1

Prion
added 2017/05/16 5:29 p.m. | 17 views

Command injection

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side fro...

CVSS 10 | AI score 9.7 | EPSS 0.3236
Exploits 1 | References 1

Tenable Nessus
added 2017/03/31 12:0 a.m. | 7 views

Backdoor Detection

The scanner was able to determine that a possible web backdoor or web shell exists on the remote web server by utilizing the same methods as cyber-criminals. If a server has been previously compromised, there is a high probability that the cyber-criminal has installed a backdoor so that they can...

AI score 7.3
Exploits 0 | References 1

Exploit DB
added 2017/03/23 12:0 a.m. | 149 views

A Red Teamer’s guide to pivoting

Penetration testers often traverse logical network boundaries in order to gain access to client’s critical infrastructure. Common scenarios include developing the attack into the internal network after successful perimeter breach o...

CVSS 7.8 | AI score 8 | EPSS 0.22013
Exploits 8

exploitpack
added 2017/03/10 12:0 a.m. | 33 views

dnaLIMS DNA Sequencing - Directory Traversal Session Hijacking Cross-Site Scripting

dnaLIMS DNA Sequencing - Directory Traversal Session Hijacking Cross-Site Scripting Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017...

CVSS 10 | AI score 0.3 | EPSS 0.8373
Exploits 16

Exploit DB
added 2017/03/10 12:0 a.m. | 59 views

dnaLIMS DNA Sequencing - Directory Traversal / Session Hijacking / Cross-Site Scripting

Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017 Vendor: dnaTools, Inc. CVE IDs: 2017-6526, 2017-6527, 2017-6528, 2017-6529 USCERT VU:...

CVSS 10 | AI score 8.1 | EPSS 0.8373
Exploits 16

0day.today
added 2017/03/10 12:0 a.m. | 57 views

dnaLIMS Code Execution / XSS / Traversal / Session Hijacking Vulnerabilities

dnaLIMS DNA sequencing application suffers from an improperly protected web shell, a directory traversal, insecure password storage, session hijacking, cross site scripting, and improperly protected content vulnerabilities. Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing...

CVSS 10 | AI score 8.3 | EPSS 0.8373
Exploits 16

NVD
added 2017/03/09 7:59 p.m. | 17 views

CVE-2017-6526

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell cgi-bin/dna/sysAdmin.cgi POST requests...

CVSS 10 | AI score 9.7 | EPSS 0.8373
Exploits 9 | References 3

Prion
added 2017/03/09 7:59 p.m. | 9 views

Command injection

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell cgi-bin/dna/sysAdmin.cgi POST requests...

CVSS 10 | AI score 9.6 | EPSS 0.8373
Exploits 9 | References 3 | Affected Software 1

Cvelist
added 2017/03/09 7:0 p.m. | 18 views

CVE-2017-6526

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell cgi-bin/dna/sysAdmin.cgi POST requests...

AI score 9.7 | EPSS 0.8373
Exploits 9 | References 3

CVE
added 2017/03/09 7:0 p.m. | 64 views

CVE-2017-6526

CVE-2017-6526 affects dnaTools dnaLIMS 4-2015s13. An unauthenticated command-execution flaw exists via an improperly protected administrative web shell at cgi-bin/dna/sysAdmin.cgi, triggered by POST requests. Public sources describe that the web interface bypasses authentication, enabling remote ...

CVSS 10 | AI score 9.4 | EPSS 0.8373
Exploits 9 | References 3 | Affected Software 1

ATTACKERKB
added 2017/03/09 12:0 a.m. | 17 views

CVE-2017-6526

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell cgi-bin/dna/sysAdmin.cgi POST requests. Recent assessments: h00die at March 27, 2020 4:16pm UTC reported: The Admin console...

CVSS 10 | AI score 3 | EPSS 0.8373
Exploits 9 | References 4

0day.today
added 2017/02/24 12:0 a.m. | 56 views

Teradici Management Console 2.2.0 Shell Upload / Privilege Escalation Vulnerabilities

Teradici Management Console version 2.2.0 suffers from privilege escalation and remote shell upload vulnerabilities Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage:...

AI score 7.7
Exploits 0

Packet Storm
added 2017/02/23 12:0 a.m. | 49 views

Teradici Management Console 2.2.0 Shell Upload / Privilege Escalation

Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage: http://www.teradici.com/products-and-solutions/pcoip-products/management-console Software Link:...

AI score 0.5
Exploits 0

exploitpack
added 2017/02/22 12:0 a.m. | 32 views

Teradici Management Console 2.2.0 - Privilege Escalation

Teradici Management Console 2.2.0 - Privilege Escalation Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage:...

AI score 0.9
Exploits 0

Exploit DB
added 2017/02/22 12:0 a.m. | 33 views

Teradici Management Console 2.2.0 - Privilege Escalation

Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage: http://www.teradici.com/products-and-solutions/pcoip-products/management-console Software Link:...

AI score 7.4
Exploits 0

Prion
added 2017/02/02 7:59 a.m. | 10 views

Input validation

An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...

CVSS 10 | AI score 9.3 | EPSS 0.04033
Exploits 0 | References 2 | Affected Software 1

NVD
added 2017/02/02 7:59 a.m. | 18 views

CVE-2017-5219

An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...

CVSS 10 | AI score 9.4 | EPSS 0.04033
Exploits 0 | References 2

Cvelist
added 2017/02/02 6:54 a.m. | 22 views

CVE-2017-5219

An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...

AI score 9.4 | EPSS 0.04033
Exploits 0 | References 2

Packet Storm
added 2017/02/01 12:0 a.m. | 78 views

POSNIC Unauthenticated Remote Code Execution

Exploit Title : POSNIC all version till 1.03 unauthenticated remote code execution Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Date : 01/02/2017 Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Jagriti,Kishan Singh and ritu rathi Discovered At : Indishe...

AI score 0.5
Exploits 0