This Metasploit module exploits a vulnerability found in Cloudview NMS server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context 'SYSTEM'.
f21104622ef288e328fae776f93497a0Carel PlantVisor version 2.4.4 suffers from a directory traversal vulnerability.
53c47349d004a5da5be6c028fec32469This Metasploit module exploits a flaw found in Indusoft Web Studio versions 7.1 and below before SP2 Patch 4. This specific flaw allows users to browse outside of the webroot to download files found on the underlying system.
16f7cb4a150432863c9bfba04db5b70aThis Metasploit module exploits a directory traversal vulnerability found in Carlo Gavazzi Powersoft versions 2.1.1.1 and below. The vulnerability is triggered when sending a specially crafted GET request to the server. The location parameter of the GET request is not sanitized and the sendCommand.php script will automatically pull down any file requested
7ead626f719b2712cc6f6e65a79e2c9fLIFE SISTEMAS CMS suffers from a directory traversal vulnerability.
fcf18dd822df0ed672bf0cff3f598547JGI CMS version 1.0 suffers from a directory traversal vulnerability.
be892befef82a66cb3a045ec3df6749aWiseGiga NAS suffers from cross site request forgery, local file inclusion, command execution, and default credential vulnerabilities.
047939def71293ad9bd51f3067e33736Huawei HG255s suffers from a directory traversal vulnerability.
adeb025562e7f5dd4093670510800427Ultimate HR System versions 1.2 and below suffer from cross site scripting and directory traversal vulnerabilities.
7ef8c382c84bd564a779cefd35abf93aPhilex CMS version 0.2 suffers from a directory traversal vulnerability.
2506b9c0aa524dc31cfbd3aa844da9b1ClipBucket version2.8.3 suffers from remote SQL injection, arbitrary file read/write, and default credential vulnerabilities.
ad009dbfbe414a249ac5f206ca71f955This Metasploit module exploits an information disclosure vulnerability found in Advantech SUSIAccess versions 3.0 and below. The vulnerability is triggered when sending a GET request to the server with a series of dot dot slashes (../) in the file parameter.
b99b70a5c20733224e88b86d90cc3957Cisco DDR2200 and 2201v1 ADSL2+ Residential Gateway devices suffer from insecure direct object reference vulnerabilities that allow for remote code execution as well as a path traversal issue.
3d75aff532e38b6b2a6184d2c0b2e44dCMS Made Simple versions 2.2.1 and below suffers from a local inclusion vulnerability.
b3f295af95e08dea0b4737419f60d4dbWordPress Photo Gallery plugin versions 1.3.34 and 1.3.42 suffer from a path traversal vulnerability.
e233d580717e45da84a27f5bb6456e20Aerohive AP340 HiveOS versions prior to 6.1r5 suffers from a local file inclusion vulnerability that allows for remote code execution.
23f7f0efaf290260644702d2fc4ec176Robert version 0.5 suffers from cross site request forgery, cross site scripting, remote SQL injection, and directory traversal vulnerabilities.
cfd060cdd873a90420373f8cc4f97108uc-httpd suffers from local file inclusion and directory traversal vulnerabilities.
1ea3e2779de86530c91d5d4ec0c8c541Western Digital TV Media Player version 1.03.07 suffers from file upload, local file inclusion, cross site request forgery, private key issue, remote SQL injection, and other vulnerabilities.
25bbe7a316a961b85fad5f438278159aASUS routers suffer from cross site request forgery and information disclosure vulnerabilities. Versions affected include RT-AC55U, RT-AC56R, RT-AC56S, RT-AC56U, RT-AC66U, RT-AC88U, RT-AC66R, RT-AC66U, RT-AC66W, RT-AC68W, RT-AC68P, RT-AC68R, RT-AC68U, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC53U, RT-AC1900P, RT-AC3100, RT-AC3200, RT-AC5300, RT-N11P, RT-N12 (D1 version only), RT-N12+, RT-N12E, RT-N18U, RT-N56U, RT-N66R, RT-N66U (B1 version only), and RT-N66W.
3d95db7d42745579a0c76b4da4866297fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in web applications.
c521918aff624c30203b6f8679f04c80Alerton Webtalk versions 2.5 and 3.3 suffer from cross site request forgery, password hash disclosure, command injection, and login flow vulnerabilities.
6e847214fd97cdfd1149ec741c350114Trend Micro Threat Discovery Appliance versions 2.6.1062r1 and below suffer from a logoff.cgi directory traversal authentication bypass vulnerability.
e64dcba98301f1ab384f8984e9224a9bCoppermine Gallery versions 1.5.44 and below suffer from a directory traversal vulnerability.
dda5a509b6541344f2cf734ab2ab3028uc-httpd is an HTTP daemon used by a wide array of IoT devices and is vulnerable to local file inclusion and directory traversal bugs.
4dbd99715c3ee94349afae497d07d4cf
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed