This Metasploit module attempts to exploit a netfilter bug on Linux Kernels befoe 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation: Ubuntu: 1. ip_tables.ko (ubuntu), iptable_raw (fedora) has to be loaded (root running iptables -L will do such) 2. libc6-dev-i386 (ubuntu), glibc-devel.i686
3ed3279ffabc1d769fe51805e802f0af5a86f32107a739ee1f3f3ec23f7e3010This Metasploit module attempts to exploit a race condition in mail.local with the SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1), NetBSD 6.1 - 6.1.5, and NetBSD 6.0 - 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute.
538ce6a834dffd6d9e669ab16ae984c12556d38cab1d2870f6bbbd5bc570cb23This Metasploit module will create a service on the box, and mark it for auto-restart.
79da7c70153554395ef5348119b04ecdb39ab60cb29fef4eae875f83f0352191This Metasploit module will create a cron or crontab entry to execute a payload. The module includes the ability to automatically clean up those entries to prevent multiple executions. syslog will get a copy of the cron entry.
9793155803f506f6e27c18e5277bed947632ef874e5664d5251d4e9d7cb8c507Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cyber criminals to easily run arbitrary code on these routers, rendering it vulnerable as a security device. Some models include a non-standard echo command which doesn't honor -e, and are therefore not currently exploitable with Metasploit. See URLs or module markdown for additional options.
23aa19a2ba418a35cd8bbecabd42ee2c073706a9c5dc4bf7724e7a87210b3a29The login component of the Polycom Command Shell on Polycom HDX video endpints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.
548cc509510583c6e9073f79cf341d4f7d444c54333db5eee6854c756f2f9ecfCentreon Web Interface versions 2.5.3 and below utilize an ECHO for logging SQL errors. This functionality can be abused for arbitrary code execution, and can be triggered via the login screen prior to authentication.
5c09582d8455d486f9a8b546afc64ba7e1c0033c02c90405893cf9e6a8d35f16Tiki-Wiki CMS's calendar module contains a remote code execution vulnerability within the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions are set to NOT allow anonymous users to access.
9131c295c6f0a87ffeed5ec24203a47294ef439eb9e76d9c596efa1d5fafc764The configuration page in version 7.1.9 and below of op5 allows the ability to test a system command, which can be abused to run arbitrary code as an unprivileged user.
34a689b22e757960916b2b0af3d9484a9d86ebc2d53f95c0c172deab2122b07eIPFire, a free linux based open source firewall distribution, versions prior to 2.19 Update Core 101 contain a remote command execution vulnerability in the proxy.cgi page.
4455d8714ad0f2e393232ebc31503bf395db118a9964e731f57356a841e46f2aIPFire, a free linux based open source firewall distribution, versions 2.15 Update Core 82 and below contain an authenticated remote command execution vulnerability via shellshock in the request headers.
72f8b0873dc11b2d3d2949fc7e34c4a2aa14b2eba24cd506e1e1251f6aec3dd2This Metasploit module will exploit the Werkzeug debug console to put down a Python shell. This debugger "must never be used on production machines" but sometimes slips passed testing. Tested against 0.9.6 on Debian, 0.9.6 on Centos, 0.10 on Debian.
c66135298bdbc3ecf2b75f9d3d628a64cee1d120ca05cf2ddac7c252fa2aba07B-Hind CMS suffers from an arbitrary file upload vulnerability.
97ed6c0cf971ffd8874955c3bae801f0b8abdec48bef8aefbbae98eba7c9bd3cCiviCRM version 3.1 Beta 1 suffers from a cross site scripting vulnerabilities.
9c385dd7f21fa4b7ac3daee61f0efffca14768b60a3f579137854a0c44a87584LinkLogger version 2.4.10.15 remote denial of service exploit.
b5ade360e2c755ceed5c64b61b0c0fe4d58b6b8de7528d7ca1d1dcf726061e83Addonics NAS Adapter remote FTP server denial of service exploit.
873f1ca01bb0427aae2c7f7b63e103edc4b0e3982b7c4fce18737c13327ee837Addonics NAS Adapter remote denial of service exploit that leverages bts.cgi.
dc0ed7bb8a5d050cf2fc842eb643b436ee5841782f12eaa5d52ac64761bc2222Addonics NAS adapter post authentication denial of service exploit.
b0c6cced89aa484a6d2f1ac21c2bdc2c20fbb2785596aa7bf5acaa7f417b274b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed