This Metasploit module exploits a code execution flaw in SonicWALL GMS. It exploits two vulnerabilities in order to get its objective. An authentication bypass in the Web Administration interface allows to abuse the "appliance" application and upload an arbitrary payload embedded in a JSP. The module has been tested successfully on SonicWALL GMS 6.0.6017 over Windows 2003 SP2 and SonicWALL GMS 6.0.6022 Virtual Appliance (Linux). On the Virtual Appliance the linux meterpreter hasn't run successfully while testing, shell payload have been used.
e1755ee13c8e3130d551fa7c0d3ecece903c21cf67a088b1e4b09747d286333eThis Metasploit module exploits a command execution vulnerability in ZoneMinder Video Server version 1.24.0 to 1.25.0 which could be abused to allow authenticated users to execute arbitrary commands under the context of the web server user. The 'packageControl' function in the 'includes/actions.php' file calls 'exec()' with user controlled data from the 'runState' parameter.
aab8ea5a52b4b1c07ba62aed307dd92f1f1c1d23d97428d0d5e53e113be8bd88ImageCMS version 4.0.0b suffers from a remote SQL injection vulnerability.
dab259c677dad17569f8bec4bfa64b9599c3eb013af898a54a8b8877e13866e9gpEasy versions 3.5.2 and below suffer from a cross site scripting vulnerability.
2dc3fcb40ee31bd9c049b43ec0c77e275d5473b440347fe361bfca8aac646b12Aloaha PDF Crypter version 3.5.0.1164 suffers from an active-x arbitrary file overwrite vulnerability.
7fa8744017306fcb9f8b6287e11861e540f90887c71065266540838aa74a25cdMultiple Barracuda Networks products suffer from having static backdoor accounts that allow for remote administrative access via SSH.
af0eddb146ce4e92db04a06f9cdbbf1edfc91930d2dab115922735f39815e502This Metasploit module will inject a payload into memory of a process. If a payload isn't selected, then it'll default to a reverse x86 TCP meterpreter. If the PID datastore option isn't specified, then it'll inject into notepad.exe instead.
19c7c53f42d760a9afadc94975ca390c02a34390696f9912af9f0ec1463460e1The WordPress Chocolate theme suffers from cross site scripting, denial of service, path disclosure, abuse of functionality, and remote shell upload vulnerabilities.
0a3fbe3735d9d16287a5efb8d639939ce812da95e23a71e2a0731c6b0b790dcbWeboptima CMS suffers from add administrator and remote shell upload vulnerabilities.
fc99f270ff007095d824949c224a7ce7178b34040bce8b1aaa503770f5db42fcThis Metasploit module abuses the AverageRangeStatisticImpl from a Java Applet to run arbitrary Java code outside of the sandbox, a different exploit vector than the one exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
d60e88d1c35ce2c590ccaca3bb69232e1fa72e0dc95b7d237cae3e89eaf0668aThis Metasploit module abuses the Method Handle class from a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects Java version 7u7 and earlier.
56cdda70d19b81c54b81eafca0cce9a0e594a89c837b327c0ae866038e17e745F5 BIG-IP versions 11.2.0 and below suffer from a remote SQL injection vulnerability.
075964bff42decb58985c82a10aee244147936d50217dd3f3028ad2948fdffafF5 BIG-IP versions 11.2.0 and below suffer from an XML external entity injection (XXE) vulnerability.
eed88f6727e8539cfd0581fa3d650e62fcb1404306be009618a1f266887154abPerforce P4web 2011 / 2012 web client suffers from a cross site scripting vulnerability.
617c85db0ba45ae0e6e8710dc9ee07e14447bb6cde17dc54cf4cf3502e7be693Digitiliti DigiLIBE Management Console version 3.4 suffers from an execution after redirect vulnerability that discloses sensitive information.
719120bd27d14daa46ac09681c85b85e2cbfc7bad923f1f2976950ab1288798dPayPal.com suffered from a remote blind SQL injection vulnerability.
ae08e1cf7e3491ac17527960e99bea17c28c2b83eadb818d4dd7eb42d50cc4f9Cardoza WordPress Poll plugin version 34.05 suffers from multiple remote SQL injection vulnerabilities.
2d9153c422f4d25e62a9706e7eb42c645c1529854da447f96ed99d51761408ffThe Adult Webmaster Script from yagina.com saves password in a text file within the webroot.
76d4c25a5ff69a225d4172cd5b9894534ece17989a02c397b76a21fc2f21cfd3This Metasploit module receives sensitive information from the WinCC database.
627da9137aaf5c71b77b876b03bb54d07c3d0135bcd88283a54933c5111a7071NConf version 1.3 suffers from remote blind SQL injection vulnerabilities in multiple parameters.
b1c08148508f6134c9f0d2851f20846c44f57baf8af88b56e5f775466bb1906bWordPress Developer Formatter plugin suffers from a cross site request forgery vulnerability.
78e285d9f5fc77132dd3df5c0d64b44914f8e50ebd1bd70540d302691be72048Joomla GarysCookBook version 3.0.x suffers from a remote shell upload vulnerability.
126ffd8e875a7e1ec877fe617947622987f1cd173737ab8cf94795ba740a3f55This Metasploit module exploits a PHP code execution vulnerability in php-Charts version 1.0 which could be abused to allow users to execute arbitrary PHP code under the context of the webserver user. The 'url.php' script calls eval() with user controlled data from any HTTP GET parameter name.
86b5c1161bf85a443f8e4b8508791a0ee94d2cdae006c712017aee8069f71402The Aloaha Credential Provider Service is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full) for the 'Everyone' group, for the 'AloahaCredentialProviderService.exe' binary file. The service was shipped with Aloaha PDF Saver and possibly every SmartCard Software package from Aloaha. The files are installed in the 'Wrocklage' directory which has the Everyone group assigned to it with full permissions making every single file inside vulnerable to change by any user on the affected machine. After you replace the binary with your rootkit, on reboot you get SYSTEM privileges. Version 5.0.226 is affected.
86f982e569b0f1f904c32d53114ecd09799c64e9d1da2a83c984bcc83bd4171aApache OFBiz versions 10.04.05 and below and 11.04.01 and below suffer from a reflected cross site scripting vulnerability. Full exploitation details provided.
de3b53f54188361189213bbc769aa0b03d6bdceb3374bb700d55cbda2a8f3328
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed