This Metasploit module exploits an OS command injection vulnerability in the Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell.
80ffaf7cb462642699e6294696050604e8ce8895cc84c13a29c4668c10b20da4
This Metasploit module exploits an OS command injection vulnerability in the Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. The module has been tested on versions 3.1-3.5-RC7.
19c3372a730e1d8d0af6219db6b006294c0a1e69708189476bc93f45950021eb
Progea Movicon versions 11.5.1181 and below suffer from search path related vulnerabilities.
3c27f46c9c35863630e0bcb760272da150ea550494090d47a78f9257d279eb07
SpiderControl SCADA Web Server versions 2.02.0007 and below suffer from an improper privilege management vulnerability.
2378a84eb198ed39fc681076b39d9def7c87bcb0b99d8a1c1eeae425ed47ed97
JanTek JTC-200 RS232-NET Connector suffers from cross site request forgery and missing authentication vulnerabilities.
c7609342cf2c7e5053c6d7835d18f3713bed53c9a2e04ffdb132de5d57800d31
Trihedral VTScada versions prior to 11.2.26 suffer from resource consumption, cross site scripting, and information disclosure vulnerabilities.
e14e0d0f4e7e01e5baeffed7b702d91c7d3bbbc0662e4bfd676b5401df83dceb
Schneider Electric Wonderware InduSoft Web Studio versions 8.0 Patch 3 and below suffer from having incorrect default permissions.
3a6fb63ee2321ae2148abfe45340ced49709d99fb96721ff3760ab329b26826c
Digital Canal Structural Wind Analysis versions 9.1 and below suffer from a buffer overflow vulnerability.
682cc56b7180418fb3999e685a72a5afe4e35da7c9f4873634145310163a17df
Microsoft Machine Debug Manager (mdm) suffers from DLL hijacking vulnerabilities.
db92dfe873e589fe2a002dfec15943dbc9eb4432297101f2fd0811808db098a2
Microsoft Office Patch Installer suffers from DLL hijacking vulnerabilities.
9dd76fa20f90231d58e4b700d50c6a63b8428b18f97fc2b8c466a1268ea2c8bc
Cambium products suffer from SNMP access control issues that may allow for unauthorized changes to the device configuration. Models affected include Cambium ePMP 1000, Cambium ePMP 2000, Cambium PMP XXX, and Cambium ForceXXX models.
83af628b8ca5f9c6f13937f56b1da567235978f7f6485f3db1c03008ecf2e6d5
SenNet data logger and electricity meter appliances suffer from insecure configuration and OS command injection vulnerabilities.
af974497ffb69114fb44715f152d81b4463d76f11a1ae74ed3a4e791dae40a58
Sielco Sistemi Winlog SCADA Software versions prior to 3.02.01 suffer from a DLL hijacking vulnerability.
eb28553774404c4a0961a9210b37b0374aff6513679b76880d96e42e9441d27b
The VMU-C webserver suffers from cross site request forgery, cross site scripting, access control, weak credential management, and insecure storage vulnerabilities. VMU-C EM prior to firmware Version A11_U05 and VMU-C PV prior to firmware Version A17 are affected.
1582c6722bcf37eb3cd5c16f529748ff9d4b17c5c7e4c15f8293942e38016191
LAquis SCADA version 4.1 suffers from access control issues.
86fbbd5516820667a46d0ba5ad09fd19f5f20c2b0184e3600ed71fd84482b636
BINOM3 power meter suffers from cross site request forgery, weak credential management, information leakage, and cross site scripting vulnerabilities.
da90f0253119dee9efcf642299ab65df9fc9b9a14cd008de6f27108d78d99c7c
ELNet Power Meter suffers from unauthenticated web management access and weak credential management vulnerabilities.
9683c724c202a4b1a997848e090a1cefe22caaf7565d4b99e32408f765991a8f
Powerlogic / Schneider Electric IONXXXX series smart meters suffer from cross site request forgery and missing access control vulnerabilities.
eeaeca67fb8040d4eb66e65e1d69d543daa6736f03e61b9bbddbf11e71fed0d5
Halliburton LogView Pro version 9.7.5 crash proof of concept exploit.
d4d4d9e520354b414ebfefd6cd10b98cc9a01528c5b3fe92e5747f66792dcf08
mySCADAPro version 7 suffers from a local privilege escalation vulnerability.
379d6269c8c2de09d924fd02e24091cdaf6f7fc469afb166a82edaca8b805f16
MediaCoder version 0.8.43.5852 SEH buffer overflow exploit that spawns calc.exe.
507cda410d7506c0efc4bf9f074328227a1db84046b8e2f802f444e4082a3f89
CoolPlayer+ Portable version 2.19.6 m3u stack overflow exploit with egghunter shellcode and ASLR bypass.
5a8e68f70a6bdf520588f514a7b7dbd81ae47a8b5523f6e4d2a654e471361eee
TFTP server version 1.4 WRQ buffer overflow exploit with egghunter shellcode.
a30f7f90aaf3e52cc92f8023f2b71bdf8d949aab32bd3f9c15ff00525964c1e4
RS232-NET Converter (JTC-200) suffers from cross site request forgery and weak credential management vulnerabilities along with unauthenticated access over telnet.
f40c27189efefaddaf076e2f7f0a039c4c3ecdf9474cf872b0c3d27fd919c72b
CIMA DocuClass ECM suffers from cross site request forgery, cross site scripting, direct object reference, and remote SQL injection vulnerabilities.
e59340b8b2d2736f3f23ac644c82482a122095cf376b184333e25aefc5c3d6b6