This Metasploit module exploits a code execution flaw in SonicWALL GMS. It chains two vulnerabilities to achieve its objective: an authentication bypass in the Web Administration interface allows abuse of the "appliance" application to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on SonicWALL GMS 6.0.6017 over Windows 2003 SP2 and SonicWALL GMS 6.0.6022 Virtual Appliance (Linux). On the Virtual Appliance, the Linux meterpreter did not run successfully during testing; shell payloads were used.
e1755ee13c8e3130d551fa7c0d3ecece903c21cf67a088b1e4b09747d286333e
This Metasploit module exploits a command execution vulnerability in ZoneMinder Video Server versions 1.24.0 to 1.25.0 which could be abused to allow authenticated users to execute arbitrary commands under the context of the web server user. The 'packageControl' function in the 'includes/actions.php' file calls 'exec()' with user-controlled data from the 'runState' parameter.
aab8ea5a52b4b1c07ba62aed307dd92f1f1c1d23d97428d0d5e53e113be8bd88
ImageCMS version 4.0.0b suffers from a remote SQL injection vulnerability.
dab259c677dad17569f8bec4bfa64b9599c3eb013af898a54a8b8877e13866e9
gpEasy versions 3.5.2 and below suffer from a cross site scripting vulnerability.
2dc3fcb40ee31bd9c049b43ec0c77e275d5473b440347fe361bfca8aac646b12
Aloaha PDF Crypter version 3.5.0.1164 suffers from an ActiveX arbitrary file overwrite vulnerability.
7fa8744017306fcb9f8b6287e11861e540f90887c71065266540838aa74a25cd
Multiple Barracuda Networks products suffer from having static backdoor accounts that allow for remote administrative access via SSH.
af0eddb146ce4e92db04a06f9cdbbf1edfc91930d2dab115922735f39815e502
This Metasploit module will inject a payload into memory of a process. If a payload isn't selected, then it'll default to a reverse x86 TCP meterpreter. If the PID datastore option isn't specified, then it'll inject into notepad.exe instead.
19c7c53f42d760a9afadc94975ca390c02a34390696f9912af9f0ec1463460e1
The WordPress Chocolate theme suffers from cross site scripting, denial of service, path disclosure, abuse of functionality, and remote shell upload vulnerabilities.
0a3fbe3735d9d16287a5efb8d639939ce812da95e23a71e2a0731c6b0b790dcb
Weboptima CMS suffers from add administrator and remote shell upload vulnerabilities.
fc99f270ff007095d824949c224a7ce7178b34040bce8b1aaa503770f5db42fc
This Metasploit module abuses the AverageRangeStatisticImpl from a Java Applet to run arbitrary Java code outside of the sandbox, a different exploit vector than the one exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
d60e88d1c35ce2c590ccaca3bb69232e1fa72e0dc95b7d237cae3e89eaf0668a
This Metasploit module abuses the Method Handle class from a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects Java version 7u7 and earlier.
56cdda70d19b81c54b81eafca0cce9a0e594a89c837b327c0ae866038e17e745
F5 BIG-IP versions 11.2.0 and below suffer from a remote SQL injection vulnerability.
075964bff42decb58985c82a10aee244147936d50217dd3f3028ad2948fdffaf
F5 BIG-IP versions 11.2.0 and below suffer from an XML external entity injection (XXE) vulnerability.
eed88f6727e8539cfd0581fa3d650e62fcb1404306be009618a1f266887154ab
Perforce P4web 2011 / 2012 web client suffers from a cross site scripting vulnerability.
617c85db0ba45ae0e6e8710dc9ee07e14447bb6cde17dc54cf4cf3502e7be693
Digitiliti DigiLIBE Management Console version 3.4 suffers from an execution after redirect vulnerability that discloses sensitive information.
719120bd27d14daa46ac09681c85b85e2cbfc7bad923f1f2976950ab1288798d
PayPal.com suffered from a remote blind SQL injection vulnerability.
ae08e1cf7e3491ac17527960e99bea17c28c2b83eadb818d4dd7eb42d50cc4f9
Cardoza WordPress Poll plugin version 34.05 suffers from multiple remote SQL injection vulnerabilities.
2d9153c422f4d25e62a9706e7eb42c645c1529854da447f96ed99d51761408ff
The Adult Webmaster Script from yagina.com saves password in a text file within the webroot.
76d4c25a5ff69a225d4172cd5b9894534ece17989a02c397b76a21fc2f21cfd3
This Metasploit module receives sensitive information from the WinCC database.
627da9137aaf5c71b77b876b03bb54d07c3d0135bcd88283a54933c5111a7071
NConf version 1.3 suffers from remote blind SQL injection vulnerabilities in multiple parameters.
b1c08148508f6134c9f0d2851f20846c44f57baf8af88b56e5f775466bb1906b
WordPress Developer Formatter plugin suffers from a cross site request forgery vulnerability.
78e285d9f5fc77132dd3df5c0d64b44914f8e50ebd1bd70540d302691be72048
Joomla GarysCookBook version 3.0.x suffers from a remote shell upload vulnerability.
126ffd8e875a7e1ec877fe617947622987f1cd173737ab8cf94795ba740a3f55
This Metasploit module exploits a PHP code execution vulnerability in php-Charts version 1.0 which could be abused to allow users to execute arbitrary PHP code under the context of the web server user. The 'url.php' script calls eval() with user-controlled data from any HTTP GET parameter name.
86b5c1161bf85a443f8e4b8508791a0ee94d2cdae006c712017aee8069f71402
The Aloaha Credential Provider Service is vulnerable to an elevation of privileges vulnerability that lets an unprivileged user replace the service executable with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (full) for the 'Everyone' group, on the 'AloahaCredentialProviderService.exe' binary file. The service was shipped with Aloaha PDF Saver and possibly every SmartCard Software package from Aloaha. The files are installed in the 'Wrocklage' directory, which has the Everyone group assigned to it with full permissions, making every single file inside vulnerable to change by any user on the affected machine. After you replace the binary with your rootkit, on reboot you get SYSTEM privileges. Version 5.0.226 is affected.
86f982e569b0f1f904c32d53114ecd09799c64e9d1da2a83c984bcc83bd4171a
Apache OFBiz versions 10.04.05 and below and 11.04.01 and below suffer from a reflected cross site scripting vulnerability. Full exploitation details provided.
de3b53f54188361189213bbc769aa0b03d6bdceb3374bb700d55cbda2a8f3328