This Metasploit module exploits a vulnerability found in NetDecision 4.2 TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary files to the file system, which results in code execution in the context of the user running the TFTP server.
50854cb971dc87b2cb4c48dcf38444d5
D-Link DIR-601 suffers from a TFTP-related directory traversal vulnerability.
e834eb0071d2f83454670f7ea6966f65
A vulnerability exists in the NetSaro Enterprise Messenger Server Administration Console allowing a remote attacker to obtain unauthenticated access to the application's source code. Attackers may make HTTP GET requests and append a null byte to download the source code for the application's web pages. An attacker does not need to authenticate to obtain the source code for pages that usually require authentication prior to viewing.
7b49b43698a2dd6a893cb299575f393d
A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to obtain access to plaintext usernames and passwords. The stored passwords are used to authenticate users running the NetSaro Enterprise Client connecting to the server. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or gained direct access to the NetSaro.fdb database file found in the "NetSaro Enterprise ServerDb" directory can obtain the user credentials using readily available tools.
39a2c7ea8cdcd4022bab807d3cda1e2d
A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to easily decode passwords used to authenticate to the application. The application uses Base64 encoding to obfuscate the plaintext passwords used for logging into the server administration console. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or achieved direct access to the configuration.xml file found in the "NetSaro Enterprise Server" directory can obtain the encoded user credentials and decode them using readily available Base64 decoding tools.
e671904d60de6a02295bef5fe8e2846b
Foxit Reader is vulnerable to an insecure library loading vulnerability. The libraries identified as being vulnerable are dwmapi.dll, dwrite.dll and msdrm.dll.
5f49cb9b9c74f6824f344ca672e0d97b
PDFill PDF Editor version 8.0 suffers from an insecure library loading vulnerability.
706f0d7e7d5c625798c43a9f1540fd4f
CodeMeter WebAdmin versions 3.30 and 4.30 suffer from a cross site scripting vulnerability.
b834b65b3c48ade728b6feab1dcc9e22
Sonexis ConferenceManager versions 9.2.11.0 and 9.3.14.0 suffer from multiple cross site scripting vulnerabilities.
7ce913cfff4bfb0876221f844c1b73a4
Sonexis ConferenceManager version 9.3.14.0 suffers from a remote SQL injection vulnerability.
5562ddb1be442c059d610fff73f83ffe
A vulnerability exists in the Tembria Server Monitor application allowing an attacker to easily decrypt usernames and passwords used to authenticate to the application. This is a second level attack that requires access to the password files stored within the application directory.
0f01e6c7de37ce973f94c68b6d6d42a0
Tembria Server Monitor suffers from multiple cross site scripting vulnerabilities.
5eb079ae5593eae0d344572399df6e4e
ManageEngine EventLog Analyzer version 6.1 suffers from multiple cross site scripting vulnerabilities.
c4f4a5202a60704a92f1220eb84cff49
Novell Vibe version 3 BETA OnPrem suffers from a stored cross site scripting vulnerability.
0adf2e6995648c6c875ed90eec59aec1
ManageEngine EventLog Analyzer version 6.1 suffers from a syslog-related denial of service vulnerability.
50700c4e82b5c4a4d2f4678daeee5fab
The login page of the F2L-3000 version 4.0.0 is vulnerable to SQL injection. Exploitation of the vulnerability may allow attackers to bypass authentication and access sensitive information stored on the device.
65fa30f3ed6a05bafcd2835c26e753a1