what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 307 RSS Feed

Files from rgod

First Active2005-06-18
Last Active2023-09-08
LG Simple Editor Remote Code Execution
Posted Sep 8, 2023
Authored by rgod, Ege Balci | Site metasploit.com

This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious JSP payload with the SYSTEM user permissions.

tags | exploit, vulnerability, code execution
advisories | CVE-2023-40498
SHA-256 | 6932d8048db104bdeaa927b23fea68a29152e32fd74b6498bd70fa53bbc37270
Advantech iView NetworkServlet Command Injection
Posted Aug 18, 2022
Authored by rgod, Shelby Pace, Y4er | Site metasploit.com

Advantech iView software versions prior to 5.7.04.6469 are vulnerable to an unauthenticated command injection vulnerability via the NetworkServlet endpoint. The database backup functionality passes a user-controlled parameter, backup_file to the mysqldump command. The sanitization functionality only tests for SQL injection attempts and directory traversal, so leveraging the -r and -w mysqldump flags permits exploitation. The command injection vulnerability is used to write a payload on the target and achieve remote code execution as NT AUTHORITY\SYSTEM.

tags | exploit, remote, code execution, sql injection
advisories | CVE-2022-2143
SHA-256 | 23eb648158fbc4d29b6a4548a4494b101e1715cad07dd93ecd76726409d9069d
Quest NetVault Backup Server Code Execution / SQL Injection
Posted Feb 22, 2019
Authored by rgod, Chris Anastasio

Quest NetVault Backup Server versions prior to 11.4.5 suffer from process manager service SQL injection and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection
advisories | CVE-2017-17417
SHA-256 | d64452d985968041fdc707a0dfbae3290f40711c502eb6aaaeb24a77072e2e6a
EMC VMAX Virtual Appliance (vApp) Authentication Bypass
Posted Oct 31, 2017
Authored by rgod | Site emc.com

The vApp Manager which is embedded in EMC Unisphere for VMAX, Solutions Enabler, VASA Virtual Appliances, and EMC VMAX Embedded Management (eManagement) contains an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. Affected products include EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier).

tags | advisory, bypass
advisories | CVE-2017-14375
SHA-256 | f18d4b791aa5ab38928fc5023efe3fe370686f782ff9192339e3ecd5d208f81a
EMC ViPR SRM for SAS Directory Traversal / Denial Of Service
Posted Sep 20, 2017
Authored by rgod | Site emc.com

EMC ViPR SRM, EMC Storage M and R, EMC VNX M and R, EMC M and R (Watch4Net) for SAS Solution Packs contain directory traversal and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2017-8007, CVE-2017-8012
SHA-256 | d8fd541238a290126b690b97c35135c5a00a337a9f9c9294e18f218ff29f8426
EMC Data Protection Advisor Hardcoded Password
Posted Sep 16, 2017
Authored by rgod | Site emc.com

EMC Data Protection Advisor contains undocumented accounts with hard-coded passwords that could potentially be exploited by malicious users to compromise the affected system. Versions 6.3.x and 6.4.x are affected.

tags | advisory
advisories | CVE-2017-8013
SHA-256 | 3aaf4121fb9b0575cdcc672569f79fb79ba6e1a12da1241bda5dcdda2198838c
EMC AppSync SQL Injection
Posted Sep 8, 2017
Authored by rgod | Site emc.com

EMC AppSync contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. All versions prior to 3.5 are affected.

tags | advisory, sql injection
advisories | CVE-2017-8015
SHA-256 | 3626e7de16410c493a25288632f5b8852d38948696fbeb8dd5e2fd6e50c14c77
EMC Undocumented Accounts
Posted Jul 12, 2017
Authored by rgod | Site emc.com

EMC ViPR SRM, EMC Storage M and R, EMC VNX M and R, EMC M and R for SAS Solution Packs contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.

tags | advisory, remote, web, arbitrary
advisories | CVE-2017-8011
SHA-256 | e6415f53d783cf4db0e45411c0e289224a93bbb7336828a9a2b204e38467e23e
EMC Data Protection Advisor SQL Injection / Path Traversal
Posted Jul 7, 2017
Authored by rgod | Site emc.com

EMC Data Protection Advisor versions prior to 6.4 suffer from remote SQL injection and path traversal vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2017-8002, CVE-2017-8003
SHA-256 | 05cb312b3d51461c4a374866f6a1305114602a8066f88e5c75ce51159ee2643d
VASA Provider Virtual Appliance 8.3.x Remote Code Execution
Posted Jun 29, 2017
Authored by rgod | Site emc.com

VASA Provider Virtual Appliance versions prior to 8.3.x may potentially be vulnerable to an unauthenticated remote code execution vulnerability. An unauthenticated remote attacker could upload a malicious file to run arbitrary code on the system with root privileges.

tags | advisory, remote, arbitrary, root, code execution
advisories | CVE-2017-4997
SHA-256 | a4d0a8672e720b49dae2fef3ee2fa48acda55214ead9237b46537b91eade0b32
Advantech WebAccess 8.0 Dashboard Viewer Arbitrary File Upload
Posted Apr 22, 2016
Authored by rgod, Zhou Yu | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool.

tags | exploit, remote, arbitrary, file upload
advisories | CVE-2016-0854
SHA-256 | eb65f546694378db27ee102831851f498e62d4fb03e39ac60cfe0233903e6505
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling
Posted Apr 6, 2015
Authored by rgod, mr_me, sinn3r | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface due to a user-controlled session.putValue API in userlogin.jsp, allowing the attacker to set the 'username' attribute before authentication. The second problem is that the settings-new.jsp file will only check the 'username' attribute before authorizing the 'uploadFile' action, which can be exploited and allows the attacker to upload a fake xls host list file to the server, and results in arbitrary code execution under the context of SYSTEM. Depending on the installation, by default the Change Advisor web server is listening on port 48080 for an express install. Otherwise, this service may appear on port 8080. Solarwinds has released a fix for this vulnerability as FSM-v6.6.5-HotFix1.zip. You may download it from the module's References section.

tags | exploit, web, arbitrary, vulnerability, code execution
advisories | CVE-2015-2284, OSVDB-81634
SHA-256 | 2317dc92c6f139454e3f1f332df164d1f95a0522a4c134a535971f37a15fb0d2
SolarWinds Storage Manager Authentication Bypass
Posted Sep 12, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Solarwinds Storage Manager. The vulnerability exists in the AuthenticationFilter, which allows to bypass authentication with specially crafted URLs. After bypassing authentication, is possible to use a file upload function to achieve remote code execution. This Metasploit module has been tested successfully in Solarwinds Store Manager Server 5.1.0 and 5.7.1 on Windows 32 bits, Windows 64 bits and Linux 64 bits operating systems.

tags | exploit, remote, code execution, bypass, file upload
systems | linux, windows
SHA-256 | 8e0158bd6ed6894515f4b2ee12c6dea89374d232c9a98949f115bcf2c61c7927
Oracle Event Processing FileUploadServlet Arbitrary File Upload
Posted Jul 6, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an Arbitrary File Upload vulnerability in Oracle Event Processing 11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be abused to upload a malicious file onto an arbitrary location due to a directory traversal flaw, and compromise the server. By default Oracle Event Processing uses a Jetty Application Server without JSP support, which limits the attack to WbemExec. The current WbemExec technique only requires arbitrary write to the file system, but at the moment the module only supports Windows 2003 SP2 or older.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2014-2424
SHA-256 | 354b179956fa5730561cdacb3cb83ea87cbbaf8af2b2d69f7b545cc36d2d4223
HP AutoPass License Server File Upload
Posted Jun 27, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP AutoPass License Server. It abuses two weaknesses in order to get its objective. First, the AutoPass application doesn't enforce authentication in the CommunicationServlet component. On the other hand, it's possible to abuse a directory traversal when uploading files thorough the same component, allowing to upload an arbitrary payload embedded in a JSP. The module has been tested successfully on HP AutoPass License Server 8.01 as installed with HP Service Virtualization 3.50.

tags | exploit, arbitrary, code execution
advisories | CVE-2013-6221
SHA-256 | dd2fd87c80023443848e47bf145fc594ce2617436c0759a85eb64c8248dbcdb7
Rocket Servergraph Admin Center fileRequestor Remote Code Execution
Posted Jun 17, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module abuses several directory traversal flaws in Rocket Servergraph Admin Center for Tivoli Storage Manager. The issues exist in the fileRequestor servlet, allowing a remote attacker to write arbitrary files and execute commands with administrative privileges. This Metasploit module has been tested successfully on Rocket ServerGraph 1.2 over Windows 2008 R2 64 bits, Windows 7 SP1 32 bits and Ubuntu 12.04 64 bits.

tags | exploit, remote, arbitrary
systems | linux, windows, ubuntu
advisories | CVE-2014-3914
SHA-256 | 6e5d60b2a820df1fa23141aca83b453d17a395a8fac173dda8ddc42205721c6f
Symantec Workspace Streaming Arbitrary File Upload
Posted May 20, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Symantec Workspace Streaming. The vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This Metasploit module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. This Metasploit module has been tested successfully on Symantec Workspace Streaming 6.1 SP8 and Windows 2003 SP2. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.

tags | exploit, remote, arbitrary, root, code execution
systems | windows
advisories | CVE-2014-1649
SHA-256 | cb1b416c6a81192072db5387c939127cc89639e3ba035c140a68125e64bbc407
IBM Forms Viewer Unicode Buffer Overflow
Posted Jan 3, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability is due to a dangerous usage of strcpy-like function, and occurs while parsing malformed XFDL files, with a long fontname value. This Metasploit module has been tested successfully on IBM Forms Viewer 4.0 on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow
systems | windows
advisories | CVE-2013-5447
SHA-256 | 8c139782a403921bdba77c8856a91b24673a1e9c2f049de54c66647ee1019e52
HP SiteScope issueSiebelCmd Remote Code Execution
Posted Dec 23, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This Metasploit module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2, Windows 2008 and CentOS 6.5.

tags | exploit, web, arbitrary, code execution
systems | linux, windows, centos
advisories | CVE-2013-4835, OSVDB-99230
SHA-256 | b961edaf771081e73dba11e81febc940689847d6bed6412bc6f0a4ad23ff2aae
EMC Data Protection Advisor Remote Code Execution
Posted Dec 10, 2013
Authored by rgod | Site retrogod.altervista.org

EMC Data Protection Advisor version 5.8 sp5 suffers from a DPA Illuminator EJBInvokerServlet remote code execution vulnerability. Proof of concept code included.

tags | exploit, remote, code execution, proof of concept
systems | linux
SHA-256 | bec0bb61454387d713dc7ce4ade6cefcbc27df7b553ab6873ee83cad51e2a1c6
Cisco Prime Data Center Network Manager Arbitrary File Upload
Posted Dec 3, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Cisco Data Center Network Manager. The vulnerability exists in processImageSave.jsp, which can be abused through a directory traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss application server feature is used to achieve remote code execution. This Metasploit module has been tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2 (64 bits).

tags | exploit, remote, arbitrary, code execution
systems | cisco, windows
advisories | CVE-2013-5486, OSVDB-97426
SHA-256 | a8b1e9381f38a27ba3bb8e6624bca069e80ca49aa765a1ba3132167371bfd9bd
Symantec Workspace Streaming 7.5.0.493 Rmote Code Execution
Posted Oct 25, 2013
Authored by rgod | Site retrogod.altervista.org

Symantec Workspace Streaming version 7.5.0.493 suffers from a SWS streamlet engine invoker servlets remote code execution vulnerability. Proof of concept code included.

tags | exploit, remote, code execution, proof of concept
SHA-256 | 013fe724276f3efdcdb2e04f6e5462344632c6aeb84259e399b9fb314b8d088d
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
Posted Oct 22, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability on the version 5.2 of the BIMS component from the HP Intelligent Management Center. The vulnerability exists in the UploadServlet, allowing the user to download and upload arbitrary files. This Metasploit module has been tested successfully on HP Intelligent Management Center with BIMS 5.2 E0401 on Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-4822, OSVDB-98247
SHA-256 | 259ed051cf78d79d3dc1060b81ae4b7df6b46139d8805a2a7c01408edc69946d
Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Code Execution
Posted Oct 4, 2013
Authored by rgod | Site retrogod.altervista.org

Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) marshalled object remote code execution exploit.

tags | exploit, remote, web, code execution
SHA-256 | b275ef861edfedcc0c2663fb34bc9cd3f90533f1d025aca7c3f439465142c3d5
SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
Posted Oct 2, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits the SEListCtrlX ActiveX installed with the SIEMENS Solid Edge product. The vulnerability exists on several APIs provided by the control, where user supplied input is handled as a memory pointer without proper validation, allowing an attacker to read and corrupt memory from the target process. This Metasploit module abuses the methods NumChildren() and DeleteItem() in order to achieve memory info leak and remote code execution respectively. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP SP3 and Windows 7 SP1, using Solid Edge 10.4.

tags | exploit, remote, code execution, activex
systems | windows
advisories | OSVDB-93696
SHA-256 | e226e603a3f8f22c21c0f2712cbfeaa7a0838b3fecca9d66915509a6db1d2185
Page 1 of 13
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close