This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. This exploit was successfully tested on version 10, build 100087.
386fa43dc27bca19440cf9b03bd04679Microsoft Internet Explorer mshtml.dll remote code execution exploit that leverages the issue noted in MS17-007.
04bead025498e88c5d1fc110b8108728Apple Security Advisory 2017-07-19-7 - iCloud for Windows 6.2.2 is now available and addresses information disclosure, code execution, and various other vulnerabilities.
4f380c77e8e99020d7e7e86a74e6ebaeApple Security Advisory 2017-07-19-6 - iTunes 12.6.2 is now available and addresses code execution, information disclosure, and various other vulnerabilities.
fff71b887019a0188bc4405b1923235dVirtual Postage (VPA) version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
8369a81037615f726ea8562ceb9f8e70SKILLS.com.au Industry App version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
4fd64fa016fa5e25eb328a8cf4cbe71dApple Security Advisory 2017-07-19-4 - tvOS 10.2.2 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
4f066bec91e8241104ce852a7eb1146aApple Security Advisory 2017-07-19-2 - macOS 10.12.6 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
ab1fccb72cc38d3e81f21dd4540e1ae3Apple Security Advisory 2017-07-19-1 - iOS 10.3.3 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
8c0895fdc3becd88ea61b4c102a0c59bCisco DDR2200 and 2201v1 ADSL2+ Residential Gateway devices suffer from insecure direct object reference vulnerabilities that allow for remote code execution as well as a path traversal issue.
3d75aff532e38b6b2a6184d2c0b2e44dCounter Strike: Condition Zero .BSP map file code execution exploit.
60cf38b1bf5d77a322b766592b2b1fa3Apache Struts 2.3.x Showcase remote code execution proof of concept exploit.
b127e7bfe5e4cb4867bb2f3d6c8b1d64HP Security Bulletin HPESBGN03763 1 - Potential security vulnerabilities have been identified in HPE SiteScope. The vulnerabilities could be exploited to allow disclosure of sensitive information, bypass security restriction, and remote arbitrary code execution. Revision 1 of this advisory.
dc314fbc75a2d130657f6959ec35b3d9Microsoft Windows versions 7, 8.1, 2008 R2, 2012 R2, and 2016 R2 EternalBlue SMB remote code execution exploit that leverages the issue noted in MS17-0101.
a8dcb06deac0f2e6a77e10a458a2c807Pelco IP cameras suffer from a code execution vulnerability. The affected cameras suffer from authenticated remote code execution vulnerability. The POST parameter 'enable_leds' located in the update() function called via the GeneralSetupController.php script is not properly sanitised before being used in writeLedConfig() function to enable led state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges using a specially crafted request and escape sequence to system shell.
f60def224c0da5db858f33bf6eef0e47HP Security Bulletin HPESBNS03755 1 - HPE NonStop Server using Samba is vulnerable to remote code execution and remote access restriction bypass. Revision 1 of this advisory.
6ce75c5c108a7bf07db88659287115b8HP Security Bulletin HPSBMU02933 3 - A potential security vulnerability has been identified with HPE SiteScope's loadFileContents SOAP features. The vulnerabilities could be exploited to allow remote code execution, arbitrary file download and Denial of Service (DoS). Revision 3 of this advisory.
b46d2429d4e90e14ac66308021a9d4e2Lepide Auditor Suite suffers from a createdb() web console database injection remote code execution vulnerability.
c321780097e33a5c5eef179bd4d418c0OpenDreamBox version 2.0.0 suffers from a remote code execution vulnerability in the WebAdmin plugin.
f918f00248ddecb3c503ab86d599f958BestSafe Browser FREE NoAds version 3 suffers from a remote code execution vulnerability.
f6b9ad096476f787dcda95571f3a8e1aeVestigator Forensic PenTester version 1 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
1026ab73e1c8dc9717575cafe71f9fdbKaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.
834309bd7c681fce682800c2b27a31c0VASA Provider Virtual Appliance versions prior to 8.3.x may potentially be vulnerable to an unauthenticated remote code execution vulnerability. An unauthenticated remote attacker could upload a malicious file to run arbitrary code on the system with root privileges.
7a04bf5491d9f34fb55f1d0f811bed79This exploit leverages an MTA handler remote code execution vulnerability in Microsoft Word.
85fe06cb7ff43ba872bc7b0a4c7dd68fDebian Linux Security Advisory 3893-1 - Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.
b8ba5a4ab403058f5b4a58ef979ff381
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed