ignore security and it'll go away
Showing 1 - 25 of 300 RSS Feed

Files from rgod

First Active2005-06-18
Last Active2017-07-12
EMC Undocumented Accounts
Posted Jul 12, 2017
Authored by rgod | Site emc.com

EMC ViPR SRM, EMC Storage M and R, EMC VNX M and R, EMC M and R for SAS Solution Packs contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.

tags | advisory, remote, web, arbitrary
advisories | CVE-2017-8011
MD5 | d7658f06bf5a32b13365a7b0df94c860
EMC Data Protection Advisor SQL Injection / Path Traversal
Posted Jul 7, 2017
Authored by rgod | Site emc.com

EMC Data Protection Advisor versions prior to 6.4 suffer from remote SQL injection and path traversal vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2017-8002, CVE-2017-8003
MD5 | bb15dd92d582999bd00052456097ccf3
VASA Provider Virtual Appliance 8.3.x Remote Code Execution
Posted Jun 29, 2017
Authored by rgod | Site emc.com

VASA Provider Virtual Appliance versions prior to 8.3.x may potentially be vulnerable to an unauthenticated remote code execution vulnerability. An unauthenticated remote attacker could upload a malicious file to run arbitrary code on the system with root privileges.

tags | advisory, remote, arbitrary, root, code execution
advisories | CVE-2017-4997
MD5 | 7a04bf5491d9f34fb55f1d0f811bed79
Advantech WebAccess 8.0 Dashboard Viewer Arbitrary File Upload
Posted Apr 22, 2016
Authored by rgod, Zhou Yu | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool.

tags | exploit, remote, arbitrary, file upload
advisories | CVE-2016-0854
MD5 | 0cd699d2ba08a1eea8e330908b98312a
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling
Posted Apr 6, 2015
Authored by rgod, mr_me, sinn3r | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface due to a user-controlled session.putValue API in userlogin.jsp, allowing the attacker to set the 'username' attribute before authentication. The second problem is that the settings-new.jsp file will only check the 'username' attribute before authorizing the 'uploadFile' action, which can be exploited and allows the attacker to upload a fake xls host list file to the server, and results in arbitrary code execution under the context of SYSTEM. Depending on the installation, by default the Change Advisor web server is listening on port 48080 for an express install. Otherwise, this service may appear on port 8080. Solarwinds has released a fix for this vulnerability as FSM-v6.6.5-HotFix1.zip. You may download it from the module's References section.

tags | exploit, web, arbitrary, vulnerability, code execution
advisories | CVE-2015-2284, OSVDB-81634
MD5 | 3c9531f839e4a854197540d7030b14ad
SolarWinds Storage Manager Authentication Bypass
Posted Sep 12, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Solarwinds Storage Manager. The vulnerability exists in the AuthenticationFilter, which allows to bypass authentication with specially crafted URLs. After bypassing authentication, is possible to use a file upload function to achieve remote code execution. This Metasploit module has been tested successfully in Solarwinds Store Manager Server 5.1.0 and 5.7.1 on Windows 32 bits, Windows 64 bits and Linux 64 bits operating systems.

tags | exploit, remote, code execution, bypass, file upload
systems | linux, windows
MD5 | 5e9d54bbc0c3892de9affde657fd7a34
Oracle Event Processing FileUploadServlet Arbitrary File Upload
Posted Jul 6, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an Arbitrary File Upload vulnerability in Oracle Event Processing 11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be abused to upload a malicious file onto an arbitrary location due to a directory traversal flaw, and compromise the server. By default Oracle Event Processing uses a Jetty Application Server without JSP support, which limits the attack to WbemExec. The current WbemExec technique only requires arbitrary write to the file system, but at the moment the module only supports Windows 2003 SP2 or older.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2014-2424
MD5 | 9d69dc85531e3581628bc568a2fac8f2
HP AutoPass License Server File Upload
Posted Jun 27, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP AutoPass License Server. It abuses two weaknesses in order to get its objective. First, the AutoPass application doesn't enforce authentication in the CommunicationServlet component. On the other hand, it's possible to abuse a directory traversal when uploading files thorough the same component, allowing to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP AutoPass License Server 8.01 as installed with HP Service Virtualization 3.50.

tags | exploit, arbitrary, code execution
advisories | CVE-2013-6221
MD5 | 3209b299f33911d071ed8ed5db8462cc
Rocket Servergraph Admin Center fileRequestor Remote Code Execution
Posted Jun 17, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module abuses several directory traversal flaws in Rocket Servergraph Admin Center for Tivoli Storage Manager. The issues exist in the fileRequestor servlet, allowing a remote attacker to write arbitrary files and execute commands with administrative privileges. This Metasploit module has been tested successfully on Rocket ServerGraph 1.2 over Windows 2008 R2 64 bits, Windows 7 SP1 32 bits and Ubuntu 12.04 64 bits.

tags | exploit, remote, arbitrary
systems | linux, windows, ubuntu, 7
advisories | CVE-2014-3914
MD5 | 9179b5c8a6e501cfaae32462b97b7468
Symantec Workspace Streaming Arbitrary File Upload
Posted May 20, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Symantec Workspace Streaming. The vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This Metasploit module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. This Metasploit module has been tested successfully on Symantec Workspace Streaming 6.1 SP8 and Windows 2003 SP2. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.

tags | exploit, remote, arbitrary, root, code execution
systems | windows
advisories | CVE-2014-1649
MD5 | 3fd8e8cacb6bdc783c86fc4797d7f2f5
IBM Forms Viewer Unicode Buffer Overflow
Posted Jan 3, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability is due to a dangerous usage of strcpy-like function, and occurs while parsing malformed XFDL files, with a long fontname value. This Metasploit module has been tested successfully on IBM Forms Viewer 4.0 on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow
systems | windows, xp, 7
advisories | CVE-2013-5447
MD5 | 934e609ca11e09357b857cfb77ad41d6
HP SiteScope issueSiebelCmd Remote Code Execution
Posted Dec 23, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This Metasploit module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2, Windows 2008 and CentOS 6.5.

tags | exploit, web, arbitrary, code execution
systems | linux, windows, centos
advisories | CVE-2013-4835, OSVDB-99230
MD5 | c47155aa1ec6b6ddf7fc0aa35c3a1e77
EMC Data Protection Advisor Remote Code Execution
Posted Dec 10, 2013
Authored by rgod | Site retrogod.altervista.org

EMC Data Protection Advisor version 5.8 sp5 suffers from a DPA Illuminator EJBInvokerServlet remote code execution vulnerability. Proof of concept code included.

tags | exploit, remote, code execution, proof of concept
systems | linux
MD5 | 19edac034d235467282580bde6d60025
Cisco Prime Data Center Network Manager Arbitrary File Upload
Posted Dec 3, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Cisco Data Center Network Manager. The vulnerability exists in processImageSave.jsp, which can be abused through a directory traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss application server feature is used to achieve remote code execution. This Metasploit module has been tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2 (64 bits).

tags | exploit, remote, arbitrary, code execution
systems | cisco, windows
advisories | CVE-2013-5486, OSVDB-97426
MD5 | ea01f3db936835a291f78881e7efe92b
Symantec Workspace Streaming 7.5.0.493 Rmote Code Execution
Posted Oct 25, 2013
Authored by rgod | Site retrogod.altervista.org

Symantec Workspace Streaming version 7.5.0.493 suffers from a SWS streamlet engine invoker servlets remote code execution vulnerability. Proof of concept code included.

tags | exploit, remote, code execution, proof of concept
MD5 | 2aad250d3d484f61dcba691bf8f771ed
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
Posted Oct 22, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability on the version 5.2 of the BIMS component from the HP Intelligent Management Center. The vulnerability exists in the UploadServlet, allowing the user to download and upload arbitrary files. This Metasploit module has been tested successfully on HP Intelligent Management Center with BIMS 5.2 E0401 on Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-4822, OSVDB-98247
MD5 | 5b6c74bf1d30a76413f8e41d4e3caee2
Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Code Execution
Posted Oct 4, 2013
Authored by rgod | Site retrogod.altervista.org

Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) marshalled object remote code execution exploit.

tags | exploit, remote, web, code execution
MD5 | 9b6d4b70aced1d8057141670d07cc07b
SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
Posted Oct 2, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits the SEListCtrlX ActiveX installed with the SIEMENS Solid Edge product. The vulnerability exists on several APIs provided by the control, where user supplied input is handled as a memory pointer without proper validation, allowing an attacker to read and corrupt memory from the target process. This Metasploit module abuses the methods NumChildren() and DeleteItem() in order to achieve memory info leak and remote code execution respectively. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP SP3 and Windows 7 SP1, using Solid Edge 10.4.

tags | exploit, remote, code execution, activex
systems | windows, xp, 7
advisories | OSVDB-93696
MD5 | 28ccc8a6b178310297fa38093831ae80
HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload
Posted Sep 17, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a path traversal flaw in the HP ProCurve Manager SNAC Server. The vulnerability in the UpdateDomainControllerServlet allows an attacker to upload arbitrary files, just having into account binary writes aren't allowed. Additionally, authentication can be bypassed in order to upload the file. This Metasploit module has been tested successfully on the SNAC server installed with HP ProCurve Manager 4.0.

tags | exploit, arbitrary
advisories | CVE-2013-4811, OSVDB-97154
MD5 | b584e9123b4299224757d83b6266d5e8
HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
Posted Sep 17, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a path traversal flaw in the HP ProCurve Manager SNAC Server. The vulnerability in the UpdateCertificatesServlet allows an attacker to upload arbitrary files, just having into account binary writes aren't allowed. Additionally, authentication can be bypassed in order to upload the file. This Metasploit module has been tested successfully on the SNAC server installed with HP ProCurve Manager 4.0.

tags | exploit, arbitrary
advisories | CVE-2013-4812, OSVDB-97155
MD5 | 655ea7e5a3301cf06fe81698db51eafa
HP SiteScope Remote Code Execution
Posted Sep 9, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP SiteScope. The vulnerability exists on the opcactivate.vbs script, which is reachable from the APIBSMIntegrationImpl AXIS service, and uses WScript.Shell.run() to execute cmd.exe with user provided data. Note which the opcactivate.vbs component is installed with the (optional) HP Operations Agent component. The module has been tested successfully on HP SiteScope 11.20 (with HP Operations Agent) over Windows 2003 SP2.

tags | exploit, shell, code execution
systems | windows
advisories | CVE-2013-2367, OSVDB-95824
MD5 | 54e615e8ccdc8c83cefabd5dc954b93a
HP LoadRunner lrFileIOService ActiveX Remote Code Execution
Posted Aug 29, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileBinary method where user provided data is used as a memory pointer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the LrWebIERREWrapper.dll 11.50.2216.0. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with HP LoadRunner.

tags | exploit, activex
systems | windows, xp
advisories | CVE-2013-2370, OSVDB-95640
MD5 | 8abb525c779efa76355554b3961f0bbc
Oracle Endeca Server Remote Command Execution
Posted Aug 24, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. On the other hand, the injection has been found to be Windows specific. This Metasploit module has been tested successfully on Endeca Server 7.4.0.787 over Windows 2008 R2 (64 bits).

tags | exploit, web
systems | windows
advisories | CVE-2013-3763, OSVDB-95269
MD5 | a65491552879676cea937b2b2daf6d8d
Cogent DataHub HTTP Server Buffer Overflow
Posted Aug 18, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack based buffer overflow on Cogent DataHub 7.3.0. The vulnerability exists in the HTTP server - while handling HTTP headers, a strncpy() function is used in a dangerous way. This Metasploit module has been tested successfully on Cogent DataHub 7.3.0 (Demo) on Windows XP SP3.

tags | exploit, web, overflow
systems | windows, xp
advisories | OSVDB-95819
MD5 | 838db63900ee8ca2390b847a477f765e
Novell Zenworks Mobile Device Management Local File Inclusion
Posted Jun 5, 2013
Authored by rgod, steponequit | Site metasploit.com

This Metasploit module attempts to gain remote code execution on a server running Novell Zenworks Mobile Device Management.

tags | exploit, remote, code execution
advisories | CVE-2013-1081, OSVDB-91119
MD5 | b4d1f0fc8e8f17c2fa100f4039524923
Page 1 of 12
Back12345Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close