This Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function http_verify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP request.
1baffab9687f81feac9fe65275eba574314a19a248d0ee583a4ac8f7f390b032This Metasploit module exploits a vulnerability found in AwindInc and OEM'ed products where untrusted inputs are fed to ftpfw.sh system command, leading to command injection. A valid SNMP read-write community is required to exploit this vulnerability.
fda2ed96c7854f1149174941d930215d8d922e9d68ec36da8fe223a30b08ad38A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.
2c771b51eb75ada179bdbfecb74aebaee8b16721ebc04a5e5d918a82a211ed0aA vulnerability in the web-based management interface of the Cisco RV130W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. Note: successful exploitation may not result in a session, and as such, on_new_session will never repair the HTTP server, leading to a denial-of-service condition.
09f07f0e9d2f9b46f8c355fbdac1e89d6992aeb917ea250f9d23b8b7c6760b66This Metasploit module exploits a feature of Hashicorp Consul named rexec.
963121d6bfb3e81f34ecc03a58fc3805bdfb01aa24c1119b8e63ed8a764c4e9dThis Metasploit module exploits Hashicorp Consul's services API to gain remote command execution on Consul nodes.
c9985cec6d3688a95c8d7d41a6bd835101a9ebd7f40b4912c8819483c0608966This Metasploit module exploits the Eclipse Equinoxe OSGi (Open Service Gateway initiative) console fork command to execute arbitrary commands on the remote system..
32ab794c04a43a7815dcac8dd5adf291828425b976e3e4610d3300a8c8e5373eThis Metasploit module exploits a vulnerability found in TrendMicro Smart Protection Server where untrusted inputs are fed to ServWebExec system command, leading to command injection. Please note: authentication is required to exploit this vulnerability.
c0669d4763a8b0f7006a57298e45c4f523d05ca9e7d1a8c304ef6ed3cde57c5f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed