This Metasploit module exploits a vulnerability found in NetDecision 4.2 TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of user executing the TFTP Server.
50854cb971dc87b2cb4c48dcf38444d5D-Link DIR-601 suffers from a tftp related directory traversal vulnerability.
e834eb0071d2f83454670f7ea6966f65A vulnerability exists in the NetSaro Enterprise Messenger Server Administration Console allowing a remote attacker to obtain unauthenticated access to the applications source code. Attackers may make HTTP GET requests and append a Null Byte to allow download of the source code for the applications web pages. An attacker does not need to authenticate to obtain access to source code for pages that usually require authentication prior to viewing.
7b49b43698a2dd6a893cb299575f393dA vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to obtain access to plaintext usernames and passwords. The stored passwords are used to authenticate users running the NetSaro Enterprise Client connecting to the server. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or gained direct access to the NetSaro.fdb database file found in the "NetSaro Enterprise ServerDb" directory can obtain the user credentials using readily available tools.
39a2c7ea8cdcd4022bab807d3cda1e2dA vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to easily decrypt passwords used to authenticate to the application. The application implements Base64 encoding to obfuscate the values of plaintext passwords used for logging into the server administration console. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or achieved direct access to the configuration.xml file found in the "NetSaro Enterprise Server" directory can obtain the encoded user credentials and decrypt them using readily available Base64 decoding tools.
e671904d60de6a02295bef5fe8e2846bFoxit Reader is vulnerable to a insecure library loading vulnerability. The libraries identified as being vulnerable are dwmapi.dll, dwrite.dll and msdrm.dll.
5f49cb9b9c74f6824f344ca672e0d97bPDFill PDF Editor version 8.0 suffers from an insecure library loading vulnerability.
706f0d7e7d5c625798c43a9f1540fd4fCodeMeter WebAdmin versions 3.30 and 4.30 suffer from a cross site scripting vulnerability.
b834b65b3c48ade728b6feab1dcc9e22Sonexis ConferenceManager versions 9.2.11.0 and 9.3.14.0 suffer from multiple cross site scripting vulnerabilities.
7ce913cfff4bfb0876221f844c1b73a4Sonexis ConferenceManager version 9.3.14.0 suffers from a remote SQL injection vulnerability.
5562ddb1be442c059d610fff73f83ffeA vulnerability exists in the Tembria Server Monitor application allowing an attacker to easily decrypt usernames and passwords used to authenticate to the application. This is a second level attack that requires access to the password files stored within the application directory.
0f01e6c7de37ce973f94c68b6d6d42a0Tembria Server Monitor suffers from multiple cross site scripting vulnerabilities.
5eb079ae5593eae0d344572399df6e4eManageEngine EventLog Analyzer version 6.1 suffers from multiple cross site scripting vulnerabilities.
c4f4a5202a60704a92f1220eb84cff49Novell Vibe version 3 BETA OnPrem suffers from a stored cross site scripting vulnerability.
0adf2e6995648c6c875ed90eec59aec1ManageEngine EventLog Analyzer version 6.1 suffers from a syslog related denial of service vulnerability.
50700c4e82b5c4a4d2f4678daeee5fabThe login page of the F2L-3000 version 4.0.0 is vulnerable to SQL Injection. Exploitation of the vulnerability may allow attackers tobypass authentication and access sensitive information stored on the device.
65fa30f3ed6a05bafcd2835c26e753a1
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed