This Metasploit module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller versions 2.7.18.0503 and below to execute a payload as root. A root command injection was discovered in the uninstall action's name parameter, obviating the need to use sudo for privilege escalation. If the service token option TOKEN is blank, USERNAME and PASSWORD will be used for authentication. An additional login request will be sent.
eea257b390a3b287d462cce58af78297233c499f3594b67b9e26d2aa119c09e9
This Metasploit module exploits an unauthenticated remote command execution vulnerability in the discoveryd service exposed by HID VertX and Edge door controllers. This Metasploit module was tested successfully on a HID Edge model EH400 with firmware version 2.3.1.603 (Build 04/23/2012).
8275f8758f70a2b7dda2edcb091aa489d7febf1014d2edabac321e0b6df40de0
This Metasploit module exploits an argument injection vulnerability in GitList version 0.6.0. The vulnerability arises from GitList improperly validating input using the php function 'escapeshellarg'.
438a7961adff6a24e2b4c17fe41509049358ceda89125f0c70d6808fa38a4266
Linux Awk to Perl (/usr/bin/a2p) suffers from a buffer overflow vulnerability.
e971bbb15948d862ca262f19d55b97753f511a0f608fbcdbf35a02083d720146