Exploit the possibilities
Showing 1 - 25 of 304

Files from rgod

First Active: 2005-06-18
Last Active: 2017-10-31
EMC VMAX Virtual Appliance (vApp) Authentication Bypass
Posted Oct 31, 2017
Authored by rgod | Site emc.com

The vApp Manager which is embedded in EMC Unisphere for VMAX, Solutions Enabler, VASA Virtual Appliances, and EMC VMAX Embedded Management (eManagement) contains an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system. Affected products include EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier).

tags | advisory, bypass
advisories | CVE-2017-14375
MD5 | 9a386e1d1115910c27491d657ce83626
EMC ViPR SRM for SAS Directory Traversal / Denial Of Service
Posted Sep 20, 2017
Authored by rgod | Site emc.com

EMC ViPR SRM, EMC Storage M and R, EMC VNX M and R, EMC M and R (Watch4Net) for SAS Solution Packs contain directory traversal and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2017-8007, CVE-2017-8012
MD5 | 318038a7ee6e2b7855e77004110ff700
EMC Data Protection Advisor Hardcoded Password
Posted Sep 16, 2017
Authored by rgod | Site emc.com

EMC Data Protection Advisor contains undocumented accounts with hard-coded passwords that could potentially be exploited by malicious users to compromise the affected system. Versions 6.3.x and 6.4.x are affected.

tags | advisory
advisories | CVE-2017-8013
MD5 | b3d7581eae0d75c539bfbda41e34f29c
EMC AppSync SQL Injection
Posted Sep 8, 2017
Authored by rgod | Site emc.com

EMC AppSync contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. All versions prior to 3.5 are affected.

tags | advisory, sql injection
advisories | CVE-2017-8015
MD5 | 84f1c0f58d34e8d308a382ba554482dd
EMC Undocumented Accounts
Posted Jul 12, 2017
Authored by rgod | Site emc.com

EMC ViPR SRM, EMC Storage M and R, EMC VNX M and R, EMC M and R for SAS Solution Packs contain undocumented accounts with default passwords for Webservice Gateway and RMI JMX components. A remote attacker with the knowledge of the default password may potentially use these accounts to run arbitrary web service and remote procedure calls on the affected system.

tags | advisory, remote, web, arbitrary
advisories | CVE-2017-8011
MD5 | d7658f06bf5a32b13365a7b0df94c860
EMC Data Protection Advisor SQL Injection / Path Traversal
Posted Jul 7, 2017
Authored by rgod | Site emc.com

EMC Data Protection Advisor versions prior to 6.4 suffer from remote SQL injection and path traversal vulnerabilities.

tags | advisory, remote, vulnerability, sql injection
advisories | CVE-2017-8002, CVE-2017-8003
MD5 | bb15dd92d582999bd00052456097ccf3
VASA Provider Virtual Appliance 8.3.x Remote Code Execution
Posted Jun 29, 2017
Authored by rgod | Site emc.com

VASA Provider Virtual Appliance versions prior to 8.3.x may potentially be vulnerable to an unauthenticated remote code execution vulnerability. An unauthenticated remote attacker could upload a malicious file to run arbitrary code on the system with root privileges.

tags | advisory, remote, arbitrary, root, code execution
advisories | CVE-2017-4997
MD5 | 7a04bf5491d9f34fb55f1d0f811bed79
Advantech WebAccess 8.0 Dashboard Viewer Arbitrary File Upload
Posted Apr 22, 2016
Authored by rgod, Zhou Yu | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool.

tags | exploit, remote, arbitrary, file upload
advisories | CVE-2016-0854
MD5 | 0cd699d2ba08a1eea8e330908b98312a
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling
Posted Apr 6, 2015
Authored by rgod, mr_me, sinn3r | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface due to a user-controlled session.putValue API in userlogin.jsp, allowing the attacker to set the 'username' attribute before authentication. The second problem is that the settings-new.jsp file will only check the 'username' attribute before authorizing the 'uploadFile' action, which can be exploited and allows the attacker to upload a fake xls host list file to the server, and results in arbitrary code execution under the context of SYSTEM. Depending on the installation, by default the Change Advisor web server is listening on port 48080 for an express install. Otherwise, this service may appear on port 8080. Solarwinds has released a fix for this vulnerability as FSM-v6.6.5-HotFix1.zip. You may download it from the module's References section.

tags | exploit, web, arbitrary, vulnerability, code execution
advisories | CVE-2015-2284, OSVDB-81634
MD5 | 3c9531f839e4a854197540d7030b14ad
SolarWinds Storage Manager Authentication Bypass
Posted Sep 12, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Solarwinds Storage Manager. The vulnerability exists in the AuthenticationFilter, which allows authentication to be bypassed with specially crafted URLs. After bypassing authentication, it is possible to use a file upload function to achieve remote code execution. This Metasploit module has been tested successfully in Solarwinds Store Manager Server 5.1.0 and 5.7.1 on Windows 32 bits, Windows 64 bits and Linux 64 bits operating systems.

tags | exploit, remote, code execution, bypass, file upload
systems | linux, windows
MD5 | 5e9d54bbc0c3892de9affde657fd7a34
Oracle Event Processing FileUploadServlet Arbitrary File Upload
Posted Jul 6, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an Arbitrary File Upload vulnerability in Oracle Event Processing 11.1.1.7.0. The FileUploadServlet component, which requires no authentication, can be abused to upload a malicious file onto an arbitrary location due to a directory traversal flaw, and compromise the server. By default Oracle Event Processing uses a Jetty Application Server without JSP support, which limits the attack to WbemExec. The current WbemExec technique only requires arbitrary write to the file system, but at the moment the module only supports Windows 2003 SP2 or older.

tags | exploit, arbitrary, file upload
systems | windows
advisories | CVE-2014-2424
MD5 | 9d69dc85531e3581628bc568a2fac8f2
HP AutoPass License Server File Upload
Posted Jun 27, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP AutoPass License Server. It abuses two weaknesses to achieve its objective. First, the AutoPass application doesn't enforce authentication in the CommunicationServlet component. Second, it's possible to abuse a directory traversal when uploading files through the same component, which allows uploading an arbitrary payload embedded in a JSP. The module has been tested successfully on HP AutoPass License Server 8.01 as installed with HP Service Virtualization 3.50.

tags | exploit, arbitrary, code execution
advisories | CVE-2013-6221
MD5 | 3209b299f33911d071ed8ed5db8462cc
Rocket Servergraph Admin Center fileRequestor Remote Code Execution
Posted Jun 17, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module abuses several directory traversal flaws in Rocket Servergraph Admin Center for Tivoli Storage Manager. The issues exist in the fileRequestor servlet, allowing a remote attacker to write arbitrary files and execute commands with administrative privileges. This Metasploit module has been tested successfully on Rocket ServerGraph 1.2 over Windows 2008 R2 64 bits, Windows 7 SP1 32 bits and Ubuntu 12.04 64 bits.

tags | exploit, remote, arbitrary
systems | linux, windows, ubuntu, 7
advisories | CVE-2014-3914
MD5 | 9179b5c8a6e501cfaae32462b97b7468
Symantec Workspace Streaming Arbitrary File Upload
Posted May 20, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Symantec Workspace Streaming. The vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the as_agent.exe service, which allows for uploading arbitrary files under the server root. This Metasploit module abuses the auto deploy feature in the JBoss as_ste.exe instance in order to achieve remote code execution. This Metasploit module has been tested successfully on Symantec Workspace Streaming 6.1 SP8 and Windows 2003 SP2. Abused services listen on a single machine deployment, and also in the backend role in a multiple machine deployment.

tags | exploit, remote, arbitrary, root, code execution
systems | windows
advisories | CVE-2014-1649
MD5 | 3fd8e8cacb6bdc783c86fc4797d7f2f5
IBM Forms Viewer Unicode Buffer Overflow
Posted Jan 3, 2014
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in IBM Forms Viewer. The vulnerability is due to dangerous usage of a strcpy-like function, and occurs while parsing malformed XFDL files with a long fontname value. This Metasploit module has been tested successfully on IBM Forms Viewer 4.0 on Windows XP SP3 and Windows 7 SP1.

tags | exploit, overflow
systems | windows, xp, 7
advisories | CVE-2013-5447
MD5 | 934e609ca11e09357b857cfb77ad41d6
HP SiteScope issueSiebelCmd Remote Code Execution
Posted Dec 23, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This Metasploit module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2, Windows 2008 and CentOS 6.5.

tags | exploit, web, arbitrary, code execution
systems | linux, windows, centos
advisories | CVE-2013-4835, OSVDB-99230
MD5 | c47155aa1ec6b6ddf7fc0aa35c3a1e77
EMC Data Protection Advisor Remote Code Execution
Posted Dec 10, 2013
Authored by rgod | Site retrogod.altervista.org

EMC Data Protection Advisor version 5.8 sp5 suffers from a DPA Illuminator EJBInvokerServlet remote code execution vulnerability. Proof of concept code included.

tags | exploit, remote, code execution, proof of concept
systems | linux
MD5 | 19edac034d235467282580bde6d60025
Cisco Prime Data Center Network Manager Arbitrary File Upload
Posted Dec 3, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in Cisco Data Center Network Manager. The vulnerability exists in processImageSave.jsp, which can be abused through a directory traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss application server feature is used to achieve remote code execution. This Metasploit module has been tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2 (64 bits).

tags | exploit, remote, arbitrary, code execution
systems | cisco, windows
advisories | CVE-2013-5486, OSVDB-97426
MD5 | ea01f3db936835a291f78881e7efe92b
Symantec Workspace Streaming 7.5.0.493 Remote Code Execution
Posted Oct 25, 2013
Authored by rgod | Site retrogod.altervista.org

Symantec Workspace Streaming version 7.5.0.493 suffers from a SWS streamlet engine invoker servlets remote code execution vulnerability. Proof of concept code included.

tags | exploit, remote, code execution, proof of concept
MD5 | 2aad250d3d484f61dcba691bf8f771ed
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
Posted Oct 22, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in version 5.2 of the BIMS component from the HP Intelligent Management Center. The vulnerability exists in the UploadServlet, allowing the user to download and upload arbitrary files. This Metasploit module has been tested successfully on HP Intelligent Management Center with BIMS 5.2 E0401 on Windows 2003 SP2.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2013-4822, OSVDB-98247
MD5 | 5b6c74bf1d30a76413f8e41d4e3caee2
Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Code Execution
Posted Oct 4, 2013
Authored by rgod | Site retrogod.altervista.org

Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) marshalled object remote code execution exploit.

tags | exploit, remote, web, code execution
MD5 | 9b6d4b70aced1d8057141670d07cc07b
SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution
Posted Oct 2, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits the SEListCtrlX ActiveX installed with the SIEMENS Solid Edge product. The vulnerability exists in several APIs provided by the control, where user supplied input is handled as a memory pointer without proper validation, allowing an attacker to read and corrupt memory from the target process. This Metasploit module abuses the methods NumChildren() and DeleteItem() in order to achieve memory info leak and remote code execution respectively. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP SP3 and Windows 7 SP1, using Solid Edge 10.4.

tags | exploit, remote, code execution, activex
systems | windows, xp, 7
advisories | OSVDB-93696
MD5 | 28ccc8a6b178310297fa38093831ae80
HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload
Posted Sep 17, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a path traversal flaw in the HP ProCurve Manager SNAC Server. The vulnerability in the UpdateDomainControllerServlet allows an attacker to upload arbitrary files, taking into account that binary writes aren't allowed. Additionally, authentication can be bypassed in order to upload the file. This Metasploit module has been tested successfully on the SNAC server installed with HP ProCurve Manager 4.0.

tags | exploit, arbitrary
advisories | CVE-2013-4811, OSVDB-97154
MD5 | b584e9123b4299224757d83b6266d5e8
HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
Posted Sep 17, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a path traversal flaw in the HP ProCurve Manager SNAC Server. The vulnerability in the UpdateCertificatesServlet allows an attacker to upload arbitrary files, taking into account that binary writes aren't allowed. Additionally, authentication can be bypassed in order to upload the file. This Metasploit module has been tested successfully on the SNAC server installed with HP ProCurve Manager 4.0.

tags | exploit, arbitrary
advisories | CVE-2013-4812, OSVDB-97155
MD5 | 655ea7e5a3301cf06fe81698db51eafa
HP SiteScope Remote Code Execution
Posted Sep 9, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the opcactivate.vbs script, which is reachable from the APIBSMIntegrationImpl AXIS service, and uses WScript.Shell.run() to execute cmd.exe with user provided data. Note that the opcactivate.vbs component is installed with the (optional) HP Operations Agent component. The module has been tested successfully on HP SiteScope 11.20 (with HP Operations Agent) over Windows 2003 SP2.

tags | exploit, shell, code execution
systems | windows
advisories | CVE-2013-2367, OSVDB-95824
MD5 | 54e615e8ccdc8c83cefabd5dc954b93a