This Metasploit module exploits a vulnerability found in NetDecision 4.2 TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of user executing the TFTP Server.
0d13cee7943b511e1894639ec337c177f0900b866756b484b6bf6fa8eab38bedD-Link DIR-601 suffers from a tftp related directory traversal vulnerability.
c2341be3374f364db4886f7f9c73cd038eea6bb969288bf41618374a371eccf2A vulnerability exists in the NetSaro Enterprise Messenger Server Administration Console allowing a remote attacker to obtain unauthenticated access to the applications source code. Attackers may make HTTP GET requests and append a Null Byte to allow download of the source code for the applications web pages. An attacker does not need to authenticate to obtain access to source code for pages that usually require authentication prior to viewing.
1231ae3590ce9f439d6b83bc44f312d176de967ea3fd246651485e8e72f9d537A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to obtain access to plaintext usernames and passwords. The stored passwords are used to authenticate users running the NetSaro Enterprise Client connecting to the server. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or gained direct access to the NetSaro.fdb database file found in the "NetSaro Enterprise ServerDb" directory can obtain the user credentials using readily available tools.
5cbcfb103f656ef50499195011ab3f297cb4532d146aa664ccd91c09612fe813A vulnerability exists in the NetSaro Enterprise Messenger Server application allowing an attacker to easily decrypt passwords used to authenticate to the application. The application implements Base64 encoding to obfuscate the values of plaintext passwords used for logging into the server administration console. This is a second level attack that requires access to the password files stored within the application root directory. An attacker who has previously compromised the host operating system or achieved direct access to the configuration.xml file found in the "NetSaro Enterprise Server" directory can obtain the encoded user credentials and decrypt them using readily available Base64 decoding tools.
1e5e9c85c5226e719db82524ba8e52dd4a1526c77d534b61ca30a522f9e623abFoxit Reader is vulnerable to a insecure library loading vulnerability. The libraries identified as being vulnerable are dwmapi.dll, dwrite.dll and msdrm.dll.
047e3c204e5c287be970d65194e080c2be858894ecf54e106bd21d7be1137d5fPDFill PDF Editor version 8.0 suffers from an insecure library loading vulnerability.
86766208a90ef69191d151095e97ebd1cdcdf37a7ef654d94d09c148515f3decCodeMeter WebAdmin versions 3.30 and 4.30 suffer from a cross site scripting vulnerability.
37b2d92023e5ba909975303fa7fb686f9e8f69afae90052f86672f0c13a993ccSonexis ConferenceManager versions 9.2.11.0 and 9.3.14.0 suffer from multiple cross site scripting vulnerabilities.
de6e4d3b5961ca6b8c0771fb8c0bbb98a1eca1d8a74a30f719e8e3999f27a287Sonexis ConferenceManager version 9.3.14.0 suffers from a remote SQL injection vulnerability.
37aba3b355976382ff4224b89f1bb3b7b846ece9b9010e83d7b60d3569629382A vulnerability exists in the Tembria Server Monitor application allowing an attacker to easily decrypt usernames and passwords used to authenticate to the application. This is a second level attack that requires access to the password files stored within the application directory.
163a065cfecd676df474c29e1bd95914935a34327f5d1ac24420581f6c99a5aeTembria Server Monitor suffers from multiple cross site scripting vulnerabilities.
bd43f55446ef0b1ec184ba04169d7ae96d5669d34c462d144c86fcb05e1fc3d3ManageEngine EventLog Analyzer version 6.1 suffers from multiple cross site scripting vulnerabilities.
7cb6e64c640b4ec8752b210b56496188f79b9a7b16c49c12fea64d2fd0b98a37Novell Vibe version 3 BETA OnPrem suffers from a stored cross site scripting vulnerability.
38d0853e67710878d23cc032e0905d8715455a8808a2d048463114929f781f0eManageEngine EventLog Analyzer version 6.1 suffers from a syslog related denial of service vulnerability.
9f4921e40b2aa8b7483acda6af72d4fa70c77ca1e595b48731a77471bae50f5aThe login page of the F2L-3000 version 4.0.0 is vulnerable to SQL Injection. Exploitation of the vulnerability may allow attackers tobypass authentication and access sensitive information stored on the device.
0aa31d61a17571c0fb1db50bfa89f614672ac6e1de71f37e6ea906313453af1b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed