This Metasploit module connects to a specified Metasploit RPC server and uses the 'console.write' procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This Metasploit module has been tested successfully on Metasploit 4.15 on Kali 1.0.6; Metasploit 4.14 on Kali 2017.1; and Metasploit 4.14 on Windows 7 SP1.
8ea98d2b410cde645149d0474ad59d7f8e2ce8335f863b066bd6f8eb38a90c6ePeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a TestServlet cross site scripting vulnerability.
6f27a9a828724a7736a1b7f2889f126f8efc3b2f3c3807b27c60ee7904f9b16eTeleves COAXDATA GATEWAY 1Gbps suffers from credential disclosure, arbitrary password change, unrestricted backup restore, and various other vulnerabilities. The vendor has notified Packet Storm that firmware version 1.03.0016 addresses these issues.
9baff8fd7ea7ecdd219dd2f97ec0f608150440181c7874a88448885e8ba30f70NEC Universe UM4730 versions prior to 11.8 suffers from a remote SQL injection vulnerability.
9bc22dbc596c325410c6890c434f2f7104984b425924ee7352b1260be9487f23Trustonic's Trusted Execution Environment (TEE) OS fails to perform revocation of trustlets.
5292643705b2a592ce4d79010191e3052ef98b5f67f2a9fe9356b30677b6295eVirtual Postage (VPA) version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
816fa95055239cb95ffb77c4c4aac690fbdb7a852cd92f2696db296e8f9c9146SKILLS.com.au Industry App version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
29ee0636ad9ced1631d22d05accf2192ac275e9c7db76dfbc702f6ec0720de02Joomla JoomRecipe component version 1.0.4 suffers from a remote SQL injection vulnerability in search_author.
cc8c058cfc344b67f751b343f7b09d92e456db747390c2e927e12e9a6ed81785Sonicwall Secure Remote Access (SRA) version 8.1.0.2-14sv suffers from a remote command injection vulnerability.
058ee4560dcd1576fb23b43fa5fe3a3d28b656aedb5f932919ce0ded272f97b3WordPress Task Manager Pro version 1.31 suffers from multiple cross site scripting vulnerabilities.
0ab5b7ff53cae033bdc9d97690414d0d194da945e56fab67995ebaee9abbcdc2Citrix CloudBridge suffers from a CAKEPHP pre-authentication remote root cookie command injection vulnerability.
ed35a3243301479f8f9b453927d581a3dab42f8438d6ee27f9608582962fb66fSonicwall version 8.1.0.2-14sv importlogo/sitecustomization remote command execution exploit.
bad044d4acf954bf0f910ffc7f39881c4498bc687a9f36640cd739cd6638bdc3Citrix SD-WAN version 9.1.2.26.561201 logout cookie pre-authentication remote command injection exploit.
a9d18103386b7c5413eb695eaee5e1020ef143fa405d4b964605ff5561db732dSonicwall SRA version 8.1.0.2-14sv gencsr.cgi remote command injection exploit.
329940cf4063e7a9fb0d94eae38b5e003d9143b085469fa57ef97279bed2d20eMicrosoft Internet Explorer suffers from a VBScript arithmetic function type confusion vulnerability.
f40f028ace681031a746b0e8ecc785e770f04baf897fa1f1b397ec507e8a1a00Bitcoin Core Wallet version 0.14.2 proof of concept crash exploit discovered while fuzzing.
227422a7226384706d19cbd6aad8395f75a94cb2710b5fb7d7a3539b4dc90ddbBarracuda Load Balancer Firmware versions 6.0.1.006 (2016-08-19) and below post-authentication remote root exploit.
761cc64c788d41c81b773e2661fb538a8d4516f8a3c77082756bc9a65c69ee93Various GPC Sanitization bypasses exist in Cisco WebEx that can permit from arbitrary remote command execution.
2742e774481d9cd4f1486925a8d6d0f5cd50b3e1c50f16db34aa9fee06887044Microsoft Internet Explorer suffers from a memory corruption vulnerability in CMarkup::DestroySplayTree. The bug was confirmed on IE version 11.0.9600.18617 (Update version 11.0.40) running on Windows 7 64-bit.
c58903dd193f7839cd836f12f61a126151db2248cb30e60241e98c8ec782dd43The Microsoft Windows kernel suffers from a nsiproxy/netio pool memory disclosure vulnerability in the handling of IOCTL 0x120007 (NsiGetParameter).
8229d08febcaa9bd8c80abedcecc4b916525c1c1c631b418d8e2c05fc4e24759Sophos Web Appliance version 4.3.0.2 reporting JSON trafficType remote command injection exploit.
b7c8712bb8d62608c24d118744810037b7c47dba41c89048cac2b15b57b84234Hashicorp vagrant-vmware-fusion versions 4.0.20 and below suffer from a local root privilege escalation vulnerability.
abdc50db20a101b047974cc99ce3df26fbc159554720c0b62b943a6f559177efPEGA Platform versions 7.2 ML0 and below suffer from missing access control and cross site scripting vulnerabilities.
20e1a6dbc16ac5196217cef7e109e692ddfeba3348cfea759557d84256536b9dDotCMS version 4.1.1 suffers from a remote shell upload vulnerability.
e4c3a573a9e295eb33e393e863f9b9d0de5b31c1e1cab1d466e26029dd1e2363Orangescrum version 1.6.1 suffers from cross site scripting and remote file upload vulnerabilities.
106418e31fa4cbf360e7471d81c2df8932c71452c44b9ba4675115930b0547d9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed