| Real Name | Gjoko Krstic |
|---|---|
| Email address | private |
| First Active | 2007-07-26 |
| Last Active | 2020-07-06 |
rauLink Software Domotica Web version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2e87055a57f33f9b29edeaf78101e3e4This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfinder_meeting_input.jsp file's wayfinder_seqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and therefore the default settings should work. Results in SYSTEM level access. Only the java/jsp_shell_reverse_tcp and java/jsp_shell_bind_tcp payloads seem to be valid.
0bce693076ed6cfe035781e990db745dThis Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to achieve a larger payload. Cayin CMS-SE is built for Ubuntu 16.04 (20.04 failed to install correctly), so the environment should be pretty set and not dynamic between targets. Results in root level access.
5b71abbf1e64c3cce0a48cc8d48f03b0CAYIN xPost version 2.5 suffers from an unauthenticated SQL injection vulnerability. Input passed via the GET parameter wayfinder_seqid in wayfinder_meeting_input.jsp is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.
d6686dcd290750e64871dcec7268adfcCAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.
2b40a82dbae2a46bd38664601734d373CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.
9a04cbad2c7bcc1e00789b91f73a0061Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files that are allowed to be modified (read/write/delete) are located in the /etc/config/ directory. An attacker can manipulate the POST request parameters to escape from the restricted environment by using absolute path and start reading, writing and deleting arbitrary files on the system.
71fd7f2810f3f64fb2be820cb487f7b5Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from a cross site request forgery vulnerability.
9068570c9d23605eb5c081c323c3b293Extreme Networks Aerohive HiveOS versions 11.x and below remote denial of service exploit. An unauthenticated malicious user can trigger a denial of service (DoS) attack when sending specific application layer packets towards the Aerohive NetConfig UI. This proof of concept exploit renders the application unusable for 305 seconds or 5 minutes with a single HTTP request using the action.php5 script calling the CliWindow function thru the _page parameter, denying access to the web server hive user interface.
8bc523d3b61e243e2e55cdddefe4c905Furukawa Electric ConsciusMAP version 2.8.1 java deserialization remote code execution exploit.
6bdde55e22751554fa630c47df38d1dfP5 FNIP-8x16A / FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from cross site request forgery and cross site scripting vulnerabilities.
1c782b6ec67ea3314c3e252545f9fbdfFIBARO System Home Center version 5.021 suffers from cross site scripting and remote file inclusion vulnerabilities.
3f7f7703a1c9d1be0e5090ceeb7c714cFifthplay S.A.M.I suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
bebdd5f220b92068c205b2449bc5e81eThrive Smart Home version 1.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
77fa2ff07fff998018a221ce9eca4313Thrive Smart Home version 1.1 suffers from a cross site scripting vulnerability.
7bf380a8440ed49b889c303e67f82cc6HomeAutomation version 3.3.2 suffers from an open redirection vulnerability.
630d0cbd683fd34193cbca469d7e85d9HomeAutomation version 3.3.2 suffers from a cross site request forgery vulnerability that allows for remote command execution.
7a30bd09a47e106df3ab7b988c8b1342HomeAutomation version 3.3.2 suffers from a cross site request forgery vulnerability.
f521d14fc5f05ace7e2a49937acea647HomeAutomation version 3.3.2 authentication bypass exploit.
921241dc04c0b6e0180069cb9f3dbcdaMyDomoAtHome REST API is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.
a1b1c0aaf9c17fbc3d0e5a3f982a85d5HomeAutomation version 3.3.2 suffers from persistent and reflective cross site scripting vulnerabilities.
474a51866f9db5110eab6aaf47fedf9bWEMS BEMS version 21.3.1 has an undocumented backdoor account that is Base64 encoded. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the controller thru the RMI.
435b68cd5f2973394cdaaaa858de0877WEMS Enterprise Manager version 2.58 suffers from a cross site scripting vulnerability.
fd26e913be2f2993ba411b392e5e811eAVE DOMINAplus versions 1.10.x and below suffer from a credential disclosure vulnerability.
790cebd99238b5f56d27aae90d23bccaAVE DOMINAplus versions 1.10.x and below suffer from an authentication bypass vulnerability.
c5f612ad8d0f1f6fb79558c6059ce3cd
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed