Showing 1 - 25 of 44

Files

Pandora FMS 7.54 Cross Site Scripting
Posted Jul 12, 2021
Authored by nu11secur1ty

Pandora FMS versions 7.54 and below suffer from a persistent cross site scripting vulnerability. This entry has been updated on 2021/07/23 with a fully automated version of the exploit.

tags | exploit, xss
advisories | CVE-2021-35501
MD5 | cedb28d4757a9fbd08e35ecc49c07887

Related Files

myfactory.FMS 7.1-911 Cross Site Scripting
Posted Oct 13, 2021
Site redteam-pentesting.de

myfactory.FMS versions 7.1-911 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | bfc662f603a7c054ced952d06dff7ef6
Pandora FMS 6.0SP3 Cross Site Scripting
Posted May 27, 2021
Authored by nu11secur1ty

Pandora FMS version 6.0SP3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-0527
MD5 | c93c017b2a3bd57fd53b2f0c4eddcf31
Pandora FMS 7.0 NG 750 SQL Injection
Posted Dec 22, 2020
Authored by Matthew Aberegg, Alex Prieto

Pandora FMS version 7.0 NG 750 suffers from a remote authenticated SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 57657a8a947a5ce728a1f0cc1a58159b
Pandora FMS 7.0 NG 749 SQL Injection
Posted Nov 14, 2020
Authored by Matthew Aberegg, Alex Prieto

Pandora FMS version 7.0 NG 749 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0a96fd3db600fad511975ab2704c5f66
Pandora FMS 7.0 NG 7XX Remote Command Execution
Posted Jul 11, 2020
Authored by Fernando Catoira, Erik Wynter, Julio Sanchez | Site metasploit.com

This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in the Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version).

tags | exploit, web, arbitrary, shell, local, php
systems | linux, centos
advisories | CVE-2020-13851
MD5 | f5291266eaebb8b290e3a0b7e6659455
Pandora FMS 7.0 NG 746 Script Insertion / Code Execution
Posted Jul 11, 2020
Authored by AppleBois

Remote code execution exploit for Pandora FMS 7.0 NG versions 746 and below that leverages cross site scripting. It requires an administrator to perform an SNMP scan with a cross site scripting payload.

tags | exploit, remote, code execution, xss
MD5 | 245bf731b05ac276a48b0f51f260ba04
Pandora FMS Ping Authenticated Remote Code Execution
Posted Apr 6, 2020
Authored by Onur ER | Site metasploit.com

This Metasploit module exploits a vulnerability found in Pandora FMS 7.0NG and lower. net_tools.php in Pandora FMS 7.0NG allows remote attackers to execute arbitrary OS commands.

tags | exploit, remote, arbitrary, php
MD5 | 374a0703e200b94ffbbf77b7a5abd7ae
Pandora FMS 7.0NG Remote Code Execution
Posted Apr 3, 2020
Authored by Basim Alabdullah

Pandora FMS version 7.0NG suffers from a net_tools.php remote code execution vulnerability.

tags | exploit, remote, php, code execution
MD5 | a6cfa63dd5a875fd53b5c5870eff7bb8
Pandora FMS 7.0 Authenticated Remote Code Execution
Posted Feb 13, 2020
Authored by Engin Demirbilek

Pandora FMS version 7.0 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-8947
MD5 | c3b198639fda25e23a0dfdf49744d535
Heap Two-Write-Where-And-Not Format String (FMS) Technique
Posted Sep 7, 2016
Authored by bashis

This write up provides code of the 'two-write-where-and-what' format string (FMS) exploitation technique and how to exploit it when located on the heap.

tags | paper
MD5 | 3078f2e3eb94de4bca3f24ba2c709557
Pandora FMS 5.0 / 5.1 Authentication Bypass
Posted Jun 10, 2015
Authored by A. Tsvetkov, Manuel Mancera

Pandora FMS versions 5.0 and 5.1 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 6d37f52390af844503b8487747e66f75
Pandora FMS 5.1 SP1 SQL Injection
Posted Feb 11, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Pandora FMS version 5.1 SP1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3c771580986a3f1bc276a6c62a9b2f09
Pandora FMS 5.1 SP1 Cross Site Scripting
Posted Jan 16, 2015
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Pandora FMS version 5.1 SP1 suffers from a persistent cross site scripting vulnerability in the SNMP editor.

tags | exploit, xss
MD5 | f65d5ad804745551a421e17942ed1615
Pandora FMS SQL Injection Remote Code Execution
Posted Nov 26, 2014
Authored by Jason Kratzer, Lincoln | Site metasploit.com

This Metasploit module attempts to exploit multiple issues in order to gain remote code execution under Pandora FMS versions equal to and prior to 5.0 SP2. First, an attempt to authenticate using default credentials is performed. If this method fails, a SQL injection vulnerability is leveraged in order to extract the "Auto Login" password hash. If this value is not set, the module will then extract the administrator account's MD5 password hash.

tags | exploit, remote, code execution, sql injection
MD5 | d879b2c710bcfc29da92c8253b550c36
Pandora FMS 5.1SP1 Cross Site Scripting
Posted Nov 14, 2014
Authored by William Costa

Pandora FMS version 5.1SP1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | fd1e3809148fda3d0ec848d53f3d197e
Pandora FMS 5.0RC1 Remote Code Execution
Posted Feb 7, 2014
Authored by xistence | Site metasploit.com

This Metasploit module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower. It will leverage an unauthenticated command injection in the Anyterm service on port 8023. Commands are executed as the user "pandora". In Pandora FMS 4.1 and 5.0RC1 the user "artica" is not assigned a password by default, which makes it possible to su to this user from the "pandora" user. The "artica" user has access to sudo without a password, which makes it possible to escalate privileges to root. However, Pandora FMS 4.0 and lower force a password for the "artica" user during installation.

tags | exploit, root
MD5 | 35d7dfee04901de86a3c3aaf7fa196bf
Pandora FMS 5.0RC1 Code Execution
Posted Jan 29, 2014
Authored by xistence

Pandora FMS versions 5.0RC1 and below suffer from a code execution vulnerability.

tags | exploit, code execution
MD5 | d9057714df010cfac019fecec177b539
SIEMENS Solid Edge ST4 WebPartHelper Command Execution
Posted May 27, 2013
Authored by rgod | Site retrogod.altervista.org

SIEMENS Solid Edge ST4 WebPartHelper active-x control RFMSsvs!JShellExecuteEx suffers from a remote command execution vulnerability. Proof of concept included.

tags | exploit, remote, activex, proof of concept
systems | linux
MD5 | bdd9cbfc1d8fd0e77ab4e70228ce55c6
Pandora FMS 4.0.1 Local File Inclusion
Posted Feb 17, 2012
Authored by longrifle0x | Site vulnerability-lab.com

Pandora FMS version 4.0.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 44efebf7bc3998f6b05a6fc76be4cfce
Adobe FMS 3.5.6 / 4.0.2 Denial Of Service
Posted Oct 13, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - Adobe Flash Media Servers (FMS) versions 3.5.6 and below and 4.0.2 and below suffer from a denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2011-2132
MD5 | 23a956a7ad381717f9d1fb6744195484
Pandora FMS 3.2.1 Cross Site Scripting
Posted Aug 19, 2011
Authored by Mehdi Boukazoula

Pandora FMS version 3.2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b2993967117596e78598a1b939725aff
Secunia Security Advisory 45319
Posted Jul 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle PeopleSoft Enterprise Financial Management Solutions (FMS), which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.

tags | advisory
MD5 | c28cdaa017fe4a48fe92329d3327280c
Secunia Security Advisory 45207
Posted Jul 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Pandora FMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 4ee9aaf56f1e59d244865153cf7ba8af
Pandora FMS 3.2.1 Cross Site Request Forgery
Posted Jul 13, 2011
Authored by Mehdi Boukazoula

Pandora FMS versions 3.2.1 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 90dad6c50db61c8bd8ee7d344e6a75d1
Secunia Security Advisory 42347
Posted Dec 1, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and multiple vulnerabilities have been discovered in Pandora FMS, which can be exploited by malicious users to conduct SQL injection attacks, disclose potentially sensitive information, and compromise a vulnerable system and by malicious people to bypass certain security restrictions and compromise a vulnerable system.

tags | advisory, vulnerability, sql injection
MD5 | 5f575893ec91b41306103447b751c03e
© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close