Vesta Control Panel Authenticated Remote Code Execution
This Metasploit module exploits a command injection vulnerability in the v-list-user-backups bash script. Low-privileged authenticated users can execute arbitrary commands in the context of the root user. An authenticated attacker with low privileges can inject a payload into a file name that starts with a dot. During the user backup process, this file name is evaluated by the v-user-backup bash scripts. As a result of that backup process, the injected payload is executed when the attacker lists existing backups.
Vesta Control Panel Authenticated Remote Code Execution
This Metasploit module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user.
TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution
This Metasploit module exploits a command injection vulnerability in the tdpServer daemon (/usr/bin/tdpServer), running on the router TP-Link Archer A7/C7 (AC1750), hardware version 5, MIPS Architecture, firmware version 190726. The vulnerability can only be exploited by an attacker on the LAN side of the router, but the attacker does not need any authentication to abuse it. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host. This vulnerability was discovered and exploited at Pwn2Own Tokyo 2019 by the Flashback team.
Liferay Portal Java Unmarshalling Remote Code Execution
This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.
Nexus Repository Manager 3.21.1-01 Remote Code Execution
This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01.
netkit-telnet 0.17 Remote Code Execution
BraveStarr remote code execution exploit for the netkit-telnet version 0.17 telnetd on Fedora 31.
Sagemcom Fast 3890 Remote Code Execution
This exploit uses the Cable Haunt vulnerability to open a shell on the Sagemcom F@ST 3890 (50_10_19-T1) cable modem. The exploit serves a website that sends a malicious WebSocket request to the cable modem. The request overflows a return address in the spectrum analyzer of the cable modem and, using a ROP chain, starts listening for a TCP connection on port 1337. The server then sends a payload over this TCP connection and the modem starts executing it. The payload listens for commands to be run in the eCos shell on the cable modem and redirects STDOUT to the TCP connection.
NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download
NEC Univerge SV9100/SV8100 WebPro version 10.0 suffers from a remote configuration download vulnerability. The gzipped telephone system configuration file 'config.gz' or 'config.pcpx', which contains the unencrypted data file 'conf.pcpn', can be downloaded by an attacker from the root directory if it was previously generated by a privileged user.
NagiosXI 5.6 Remote Command Execution
This is a whitepaper tutorial that walks through creating a proof of concept exploit for a remote command execution vulnerability in NagiosXI version 5.6.
Symantec Web Gateway 5.0.2.8 Remote Command Execution
This is a whitepaper tutorial that walks through creating a proof of concept exploit for a pre-authentication remote command execution vulnerability in Symantec Web Gateway version 5.0.2.8.
NagiosXI 5.6.11 Remote Command Execution
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote command execution vulnerabilities in NagiosXI version 5.6.11.
ManageEngine 14 Remote Code Execution
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in ManageEngine version 14.
Symantec Web Gateway 5.0.2.8 Remote Code Execution
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in Symantec Web Gateway version 5.0.2.8.
Blind CreateRemoteThread Privilege Escalation
Oracle WebLogic 12.1.2.0 Remote Code Execution
Oracle WebLogic version 12.1.2.0 RMI registry UnicastRef object Java deserialization remote code execution exploit.
IQrouter 3.3.1 Remote Code Execution
NSClient++ 0.5.2.35 Authenticated Remote Code Execution
NSClient++ version 0.5.2.35 suffers from an authenticated remote code execution vulnerability.
Edimax EW-7438RPn 1.13 Remote Code Execution
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
Furukawa Electric ConsciusMAP version 2.8.1 Java deserialization remote code execution exploit.
School ERP Pro 1.0 Remote Code Execution
Open-AudIT Professional 3.3.1 Remote Code Execution
Open-AudIT Professional version 3.3.1 suffers from a remote code execution vulnerability.
SimplePHPGal 0.7 Remote File Inclusion
Saltstack 3000.1 Remote Code Execution
ManageEngine Asset Explorer Windows Agent Remote Code Execution
The ManageEngine Asset Explorer Windows agent suffers from a remote code execution vulnerability. All versions prior to 1.0.29 are affected.
Cisco UCS Director Unauthenticated Remote Code Execution
The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass, that allows the attacker to authenticate as an administrator. The second one, CVE-2019-1936, is a command injection in a password change form, that allows the attacker to inject commands that will execute as root. This module combines both vulnerabilities to achieve the unauthenticated command injection as root. It has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products.
Cisco Content Security Virtual Appliance M380 IronPort Remote Cross Site Host Modification
Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit.
Cisco Discovery Protocol (CDP) Remote Device Takeover
Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices.
Cisco Data Center Network Manager 11.2 Remote Code Execution
Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak
An information disclosure vulnerability exists when Centaur and TitanSMA fail to properly protect critical system logs such as 'syslog'. Additionally, the implemented Jetty version (9.4.z-SNAPSHOT) suffers from a memory leak of shared buffers that was (supposedly) patched in Jetty version 9.2.9.v20150224.
PHP imap_open Remote Code Execution
The imap_open function within PHP, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian-based systems, including Ubuntu, rsh is mapped to the ssh binary. SSH's ProxyCommand option can be passed from imap_open to execute arbitrary commands. While many custom applications may use imap_open, this exploit works against the following applications: e107 v2, PrestaShop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use. PrestaShop exploitation requires the admin URI and administrator credentials. SuiteCRM/e107/HostCMS require administrator credentials.
Nagios XI Authenticated Remote Command Execution
This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.6.5 running on CentOS 7. The module may behave differently against older versions of Nagios XI.
Samsung Android Remote Code Execution
Samsung Android suffers from multiple interaction-less remote code execution vulnerabilities as well as other remote access issues in the Qmage image codec built into Skia.
HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution
This Metasploit module exploits a vulnerability in the lrFileIOService ActiveX control, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allows the user to write arbitrary files. It is abused to drop a payload embedded in a DLL, which is later loaded through the Init() method of the lrMdrvService control by abusing an insecure LoadLibrary call. This Metasploit module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary.
HP Data Protector Encrypted Communication Remote Command Execution
This Metasploit module exploits a well-known remote code execution exploit after establishing encrypted control communications with a Data Protector agent. This allows exploitation of Data Protector agents that have been configured to only use encrypted control communications. This exploit works by executing the payload with Microsoft PowerShell, so it will only work against Windows Vista or newer. Tested against Data Protector 9.0 installed on Windows Server 2008 R2.
Transferable Remote 1.1 XSS / LFI / Command Injection
Transferable Remote version 1.1 for iPad and iPhone suffers from cross site scripting, remote command injection, and local file inclusion vulnerabilities.
qdPM Remote Code Execution
qdPM versions prior to 9.1 suffer from a remote shell upload vulnerability that allows for remote code execution.
Cacti 1.2.8 Unauthenticated Remote Code Execution
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege.
Centreon Poller Authenticated Remote Command Execution
This Metasploit module exploits a flaw where an authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands are used by the additional modules (to perform certain actions), by the scheduler for data processing, etc. This module uses this functionality to obtain a remote shell on the target.
IBM Data Risk Manager 2.0.3 Remote Code Execution
IBM Data Risk Manager (IDRM) contains three vulnerabilities that can be chained by an unauthenticated attacker to achieve remote code execution as root. The first is an unauthenticated bypass, followed by a command injection as the server user, and finally abuse of an insecure default password. This module exploits all three vulnerabilities, giving the attacker a root shell. At the time of disclosure, this is a 0day. Versions 2.0.3 and below are confirmed to be affected, and the latest 2.0.6 is most likely affected too.
Webmin 1.900 Remote Command Execution
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized for the "Java file manager" and "Upload and Download" fields can execute arbitrary commands with root privileges. In addition, the "Running Processes" field must be authorized to discover the directory to be uploaded to. A vulnerable file can be written over the original files of the Webmin application. The vulnerable file being uploaded should be integrated with the application; therefore, a ".cgi" file with the vulnerability that belongs to the Webmin application should be used. The module has been tested successfully with Webmin version 1.900 on Debian 4.9.18.
devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Remote Code Execution
devolo dLAN 550 duo+ version 3.1.0-1 suffers from a remote code execution vulnerability. The devolo firmware has what seems to be a 'hidden' service that can be enabled by an authenticated attacker via the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges.
Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded to a routable location on the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.
D-Link DIR-859 Unauthenticated Remote Command Execution
D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
Remote Chinese region looks to set new clean-power record
A sparsely populated Chinese province that’s home to the headwaters of the Yangtze and Yellow rivers is attempting to set a new record for clean energy use, serving as a test bed for the entire country.