This Metasploit module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in monarch_scan.cgi, where user-controlled input is passed to the Perl qx function, which allows any remote authenticated attacker, regardless of privileges, to inject system commands and gain arbitrary code execution. The module has been tested successfully on GroundWork 6.7.0-br287-gw1571 as distributed within the Ubuntu 10.04 based VM appliance.
4f033af844cdd623331a0bd422e02eb8ac32fdbef2908dd0e003506fe068e0b1
Cisco Linksys WRT310N version 2.0.00 suffers from a remote denial of service vulnerability.
96c706f91c3a5f744fbbc0b57a7b74560a10053170e63931f5e7a21c6402b759
Hornbill Supportworks ITSM version 1.0.0 suffers from a remote SQL injection vulnerability.
2eeb3aa7245d5145d3ec988798da4951d75aef73c27a476bcea507ba736fbb89
D-Link DIR-615 and DIR-300 suffer from cross site request forgery, OS command injection, lack of cryptographic storage, header injection, and cross site scripting vulnerabilities.
d92d1912f11dbbae5692e74866d76e755ce2c196d6f9a7fa689ae37251fd787e
SMF version 2.0.4 suffers from a remote PHP code injection vulnerability.
fb1fdb9f88f7a10a68b514edae1cd6ba816517347156676b1a236c8ed23c784b
This Metasploit module abuses Java Reflection to generate a Type Confusion, due to weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit doesn't bypass click-to-play, so the user must accept the Java warning in order to run the malicious applet.
bb2929226a8a08e2945d6536acc0a7c67d0777ced5120b0ffa098ac076125760
Janissaries Joomla Civicrm component exploitation tool that uploads a shell.
a0d2608dc143c3c9606df7b7c625c70c510de3c71f8eee4f0a1e2f23601c835a
vBilling for FreeSWITCH suffers from multiple remote SQL injection vulnerabilities.
994b7109cb3e6f3b6c77edff6f1e8d54a0117e5090c812694dab17f3c64c0b94
Voipnow versions prior to 2.4 suffer from a local file inclusion vulnerability.
5f8b1e30f3b26f1cabfeb8f86d5e39caef2af77ca0acaaf3655a8471c3848751
jPlayer versions prior to 2.2.23 suffer from cross site scripting and content spoofing vulnerabilities.
f94ef8fdaa3dc74661bbc1b8766b3b3b4a20d05453c794dd0c73d914c5ee1c5e
WordPress Colormix theme suffers from cross site scripting, path disclosure, and content spoofing vulnerabilities.
1a6d8b2caf5b79f12115a437ecd623f9858b32df35626257b4cff71c1392af40
Some Netgear routers are vulnerable to an authenticated OS command injection on their web interface. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This Metasploit module overwrites parts of the PPPoE configuration; although the module tries to restore it after exploitation, a configuration backup is recommended.
91dc01de9600bf71b1bfb0fa39d3c499055961c38a5e9d02115d91d6d11e4a4d
MinaliC Webserver version 2.0.0 buffer overflow exploit that binds a shell to port 4444. Works on Windows Server 2003 SP3 only.
0f734001f936a5b891c34b75bd2c451e9c1b32b8939d772c3c1bc8137fb7edaf
Tienda Online CMS suffers from a cross site scripting vulnerability. The vendor has been notified of this issue. Note that this advisory has site-specific information.
93c112b74801b7c8122b5ecd4a34425111ec9659a7a46158160325e36fe93bcd
Foxit Reader versions 5.4.3.x through 5.4.5.0124 suffer from a PDF XREF parsing denial of service vulnerability.
19bacc90bb3d86146efc71f544560d5d5e3e59ead41717335c428f05caf1d821
KIK Messenger stores its password in cleartext in a plist file.
0579b4c687a6995f97f2d6c82bbc27bbe71cdfdc50cd2900d2923969eb5e3642
Crafty Syntax Live Help versions 2.x and 3.x suffer from path disclosure and remote file inclusion vulnerabilities.
9b378157ba94b5a10193ab6a2ec5d79ce9881775be424528a0b05b1ceec52d09
TP-LINK TL-WR741N / TL-WR741ND suffers from multiple remote denial of service device freezing conditions.
632658f3b24d25123b080a924d247c4f29a9d2dbca90b5a0d69e54046c595d73
nginx version 0.6.x suffers from an arbitrary code execution vulnerability due to a null byte injection issue.
80b271bc4dd413adecf25945a99a831e3725d128f9974c5542da05bc9ff3daf3
This Metasploit module allows execution of operating system commands through the SAP ConfigServlet without any authentication.
bd22164e93c481f2adee97758ca447db0d47658f7a4544609432a32799d8b8d3
Cisco ASA versions 8.4(2), 8.4(5), and 9.1(1) suffer from a group name enumeration vulnerability in their IKE implementation.
7a3a1b289b63638a076af1a5703754d8bf858f40ec5baec07c9f385998b4caad
Fork CMS suffers from a local file inclusion vulnerability.
dc9c3676bed4b6dd47b65dcd79362c247ada9470a4af9cb6c2e29524e8645942
Fork CMS suffers from a cross site request forgery vulnerability.
b1f5869ab5f633d45b74847ab258441ea7cf30e564f771344d4b1c00f8ba8c27
Fork CMS suffers from a stored cross site scripting vulnerability.
8c5fae34f52db9b2663429d8f941353d9efee87ca897544f51278843d7e9d2b8
SWFUpload suffers from cross site scripting, cross site request forgery, and object injection vulnerabilities.
88f9aac6098d0e3258845fe60905a4307536ba1d86078b4b59c2122b60d3ea28