This is a whitepaper tutorial that describes steps taken to identify post-authentication remote command execution vulnerabilities in NagiosXI version 5.6.11.
c13f3213213baa28e248e4dc73e332bc336b5d187686a95ad2ef8b57a7b36938This is a whitepaper tutorial that walks through creating a proof of concept exploit for a pre-authentication remote command execution vulnerability in Symantec Web Gateway version 5.0.2.8.
9876efa02a9403b13e3814ee5a4409950bf50bd73e0e3c6f43ee673c60841a3eThis is a whitepaper tutorial that walks through creating a proof of concept exploit for a remote command execution vulnerability in NagiosXI version 5.6.
8cd9a562fc422fbab693c7375a6d77afbff17c5e7e25cd997d8290beae82bbe2This whitepaper documents a walk through that describes the steps taken to identify a remote code execution vulnerability in multiOTP version 5.0.4.4.
4732ae6117764a5cac9dd84f3d79ef6065f0a8c5a22085a25d924acb3a87756eZen Load Balancer version 3.10.1 suffers from a remote code execution vulnerability.
29c20561040a95db93c50db27ac160b719fa168e3166212b7e43c1092858f647This whitepaper is a quick tutorial on pentesting the Zen load balancer.
8ebf09c3635ca8278455d6f94536ff8b1c047cc31e15ee939200ecc06d560253VA MAX version 8.3.4 suffers from a post-authentication remote code execution vulnerability.
83895e02490abd5dff21baf3e6cb7ef84abf36fa23f4bc7a4401f14daf917e92Zoho ManageEngine Applications Manager version 13 suffers from multiple post-authentication remote SQL injection vulnerabilities.
e79e67b62c5a3db8d9973fd1eb18a3c66ece70790cdf160b8cd6d21bd4354906This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. WizardSetting_sys.imss endpoint takes several user inputs and performs LAN settings. After that it use them as argument of predefined operating system command without proper sanitation. It's possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 affected by this issue.
50f31837beea28b6c9830ae6763884d12cce54426a4afac257f09c46574b30b4This proof of concept code shows how manager functionality can be abused in ModX CMS to upload a shell.
716aad67ffbd1e03ee636500fb005acbd2d5d6ac6569cc879ee02aa5114964b1RealPlayer version 18.1.7.344 suffers from memory corruption vulnerabilities.
34735884e57bf041f2ef2d6a51aff4eac035924e94a271abafaa53b0e7f52ed3This proof of concept code shows how administrator functionality can be abused in Joomla to upload a shell.
87a728b87ac587ae5b8e6ee3b500ceb0624fe986b8ed1bfd032bd116ff3c79a3This proof of concept code shows how administrative functionality can be abused in DokuWiki to upload a shell.
898865a317bcc77f576b4558759df3d84a4cbe466095de9d767b2e148a4909dbThis proof of concept code shows how functionality can be abused in Concrete5 to upload a shell.
d3561f919f95a84828625cf5bd9e0f2bdfc5da586f3e00580cf1cd43a8d35f83Irfan View version 4.42 suffers from multiple crash vulnerabilities.
d8b34f2ac98cb14fe582e633c1a7fd986c688540153b7c02ef5cf5d86bfdb7faMicrosoft Outlook 2010 WriteAV proof of concept crash exploit.
f6751c5e9616b27ce38fd40c1a3c8f84b8face9869f05783abe3be237cbaaa9eMicrosoft Internet Explorer 8 user mode write AV proof of concept code.
add8845ff9694555ffb68dbb14ce822122e3cf8e5c41c12d6dd8149806a65b9ePublisher in Microsoft Office 2010 suffers from three denial of service vulnerabilities that can result in a crash.
92d4806502ddbfb861c44b73ab19354dd02252559e04a185f6e8ea97c63c7f33Microsoft Internet Explorer divide by zero proof of concept denial of service exploit.
0e70e4c082f946f359c63b9b6a4e594dc50965980351a81ff1b82297a5f7c2e7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed