Email address | private |
---|---|
First Active | 2011-06-24 |
Last Active | 2015-10-14 |
This Metasploit module exploits a vulnerability found in Western Digital Arkeia Appliance version 10.0.10 and lower. By abusing the upload.php file from the scripts directory, a malicious user can upload arbitrary code to the ApplianceUpdate file in the temp directory without any authentication. Abusing the local file inclusion in the lang cookie to parse this file results in arbitrary code execution, also without any authentication. The module has been tested successfully on Arkeia 10.0.10. The issues have been fixed in version 10.1.10.
b6be92789311b465be99dfdca2d0ac2207f5eb8fd1d7de3d361ab48a8421df40
This Metasploit module exploits a vulnerability found in OpenEMR version 4.1.1 Patch 14 and lower. When logging in as any non-admin user, it's possible to retrieve the admin SHA1 password hash from the database through SQL injection. The SQL injection vulnerability exists in the "new_comprehensive_save.php" page. This hash can be used to log in as the admin user. After logging in, the "manage_site_files.php" page will be used to upload arbitrary code.
153813f0acc368a45adcb43f7156aa643bd4c5305a6564c6562b51d3c58cec74
Western Digital Arkeia Appliance version 10.0.10 suffers from local file inclusion and unauthenticated firmware upload vulnerabilities.
986980ef6f7a090f7de67c61f20277e211d6c6bd9bfdb11aea4f532caa3ad9cd
OpenEMR version 4.1.1 Patch 14 suffers from remote shell upload and remote SQL injection vulnerabilities.
dd2bb2f9a5d3ce8ac7e4ee72e80cd42dbbbcb6ec9045c094bc63c0831a0f7e7a
TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Release 30923 suffers from cross site request forgery and cross site scripting vulnerabilities.
6f8f17c7fe77da4b4fb9dc2dbb22d7bc2130afdfd2ddf5f70ee72cef17ddb028
Alienvault OSSIM versions prior to 4.3.0 suffer from multiple reflective cross site scripting vulnerabilities.
b97b24ad187260fb2d369e36bc782d9527bb13c5629ef33949027b13a42c4a22
Motion version 3.2.12 suffers from buffer overflow, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
b0344ad160e1b46270a65b0478d5055eea41ebe9ede1d2cfbe6032d25f57175b
The CAREL pCOWeb firmware version 1.5.0 and lower has two passwordless default accounts that allow direct shell access via telnet. These accounts are not exposed in the associated Web UI. CAREL pCOWeb is an embedded device used primarily for HVAC systems.
82b0a4cd0a0bf41d1802335815e91ba3801340fe8352516154ac02cad97445f8
Astium VoIP PBX versions 2.1 build 25399 and below remote crash proof of concept exploit that causes astiumd to crash when sent a large buffer.
e4acc58c36708f878375e2b46efebab2ae7b0ffc17d0d60f690a35ea16535fe7
Astium is prone to multiple vulnerabilities. This exploit uses SQL injection to bypass authentication on the login page and get access as an administrator. After that it uploads and executes a PHP script that will modify the "/usr/local/astium/web/php/config.php" script with a reverse shell and run a "sudo /sbin/service astcfgd reload". Version 2.1 build 25399 is affected.
a8bfed2b6a0488de9a6ded9c5bfe3e6d3e1e35ff053af72f599d8824a3f99a99
Ubiquiti AirOS versions 5.5.2 and below suffer from a remote post-authentication root-level command execution vulnerability.
31177e50c29169efd962af59bdd1dcd6fd98c00f6e95f81c9e27921a3d144b6a
YeaLink IP Phone SIP TxxP firmware versions 9.70.0.100 and below suffer from default credential and cross site request forgery vulnerabilities.
874405777edd847f163325edf73c03b42d16a9c2dc18c2eda37f745725d199aa
This Metasploit module exploits a SQL injection found in the ManageEngine Security Manager Plus advanced search page, which results in remote code execution under the context of SYSTEM in Windows, or as the user in Linux. Authentication is not required in order to exploit this vulnerability.
ae2e0907bda1eeb2906f4560caa8085b35712d1a7fe05eeb19dddd8fe8de7ac1
ManageEngine Security Manager Plus versions 5.5 build 5505 remote SYSTEM/root SQL injection exploit that spawns a shell.
6d2a8bcbddb1c5a2fce72265db430d93c35c4e46841e736af9eb65ee5db7fa47
ManageEngine Security Manager Plus versions 5.5 build 5505 and below suffer from a path traversal vulnerability.
fa2c630e11d919d9d1b121504583b9b23aae97d94b41855b33e036271a53318b
This Metasploit module exploits a SQL injection found in the ManageEngine Security Manager Plus advanced search page. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM. No authentication is necessary to exploit this.
e2984c80e9b18bcfe0bf36c7deb7a463e4967710e4784d8a20eb3c7da32c323b
ManageEngine Support Center Plus versions 7908 and below suffer from multiple cross site scripting and shell upload vulnerabilities.
ce1d93bee37427da393ef8b2a378940e15f95dfe2266842aa8f8b6171109489a
ManageEngine Support Center Plus versions 7903 and below suffer from backup related, unauthorized access, cross site scripting, and remote SQL injection vulnerabilities.
00f2539984dab23c36d58c4e258af76a9f0554b23a8e7f3047e20d3d1a2fd7a1
ManageEngine Support Center Plus versions 7801 and below of the 7.8 build suffer from a directory traversal vulnerability.
8743cb951897ee9699667263f90fad9d4a903b39178ae4eaf8b7ff565eb920ee