remo PhreeBooks ERP 5.2.5 Remote Command Execution By packetstormsecurity.com Published On :: Tue, 05 May 2020 20:47:47 GMT PhreeBooks ERP version 5.2.5 suffers from a remote command execution vulnerability. Full Article
remo Kentico CMS 12.0.14 Remote Command Execution By packetstormsecurity.com Published On :: Wed, 06 May 2020 14:59:11 GMT This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passed to an insecure .NET deserialize call which allows for remote command execution. Full Article
remo Google Will Remove Trust Of Symantec's PCA3-G1 Certificate By packetstormsecurity.com Published On :: Tue, 15 Dec 2015 01:05:58 GMT Full Article headline privacy google symantec cryptography
remo Symantec Tricked Into Removing Legit Certificates By Security Researcher By packetstormsecurity.com Published On :: Fri, 21 Jul 2017 16:54:21 GMT Full Article headline hacker symantec cryptography
remo Cisco / WebEx Flaws Offer Up Remote Code Execution By packetstormsecurity.com Published On :: Thu, 16 May 2019 22:53:07 GMT Full Article headline hacker flaw cisco
remo HC10 HC.Server Service 10.14 Remote Invalid Pointer Write By packetstormsecurity.com Published On :: Mon, 17 Jun 2019 17:03:28 GMT The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition this can potentially be leveraged for post exploit persistence with SYSTEM privileges, if physical access or malware is involved. If a physical attacker or malware can set its own program for the service failure recovery options, it can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attackers recovery program. The attackers program can then try restarting the affected service to try an stay unnoticed by calling "sc start HCServerService". Services failure flag recovery options for "enabling actions for stops or errors" and can be set in the services "Recovery" properties tab or on the command line. Authentication is not required to reach the vulnerable service, this was tested successfully on Windows 7/10. Full Article
remo Prestashop 1.7.6.4 XSS / CSRF / Remote Code Execution By packetstormsecurity.com Published On :: Fri, 17 Apr 2020 21:26:17 GMT Prestashop versions 1.7.6.4 and below suffer from code execution, cross site request forgery, and cross site scripting vulnerabilities. Full Article
remo Cisco Data Center Network Manager Unauthenticated Remote Code Execution By packetstormsecurity.com Published On :: Mon, 02 Sep 2019 18:04:06 GMT DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why). Full Article
remo FileThingie 2.5.7 Remote Shell Upload By packetstormsecurity.com Published On :: Tue, 03 Sep 2019 23:16:53 GMT FileThingie version 2.5.7 suffers from a remote shell upload vulnerability. Full Article
remo Linear eMerge E3 1.00-06 Arbitrary File Upload Remote Root Code Execution By packetstormsecurity.com Published On :: Tue, 12 Nov 2019 17:10:03 GMT Linear eMerge E3 versions 1.00-06 and below arbitrary file upload remote root code execution exploit. Full Article
remo Optergy 2.3.0a Remote Root By packetstormsecurity.com Published On :: Tue, 12 Nov 2019 18:44:20 GMT Optergy versions 2.3.0a and below authenticated file upload remote root code execution exploit. Full Article
remo PHP-FPM 7.x Remote Code Execution By packetstormsecurity.com Published On :: Thu, 05 Mar 2020 21:03:50 GMT This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code (see refs). First, it detects the correct parameters (Query String Length and custom header length) needed to trigger code execution. This step determines if the target is actually vulnerable (Check method). Then, the exploit sets a series of PHP INI directives to create a file locally on the target, which enables code execution through a query string parameter. This is used to execute normal payload stagers. Finally, this module does some cleanup by killing local PHP-FPM workers (those are spawned automatically once killed) and removing the created local file. Full Article
remo rConfig 3.93 Authenticated Remote Code Execution By packetstormsecurity.com Published On :: Wed, 11 Mar 2020 18:22:22 GMT rConfig version 3.93 suffers from an authenticated ajaxAddTemplate.php remote code execution vulnerability. Full Article
remo rConfig 3.9.4 Remote Command Injection By packetstormsecurity.com Published On :: Mon, 23 Mar 2020 16:08:06 GMT rConfig version 3.9.4 suffers from a search.crud.php remote command injection vulnerability. Full Article
remo Pandora FMS 7.0NG Remote Code Execution By packetstormsecurity.com Published On :: Fri, 03 Apr 2020 14:17:41 GMT Pandora FMS version 7.0NG suffers from a net_tools.php remote code execution vulnerability. Full Article
remo Pandora FMS Ping Authenticated Remote Code Execution By packetstormsecurity.com Published On :: Mon, 06 Apr 2020 18:57:47 GMT This Metasploit module exploits a vulnerability found in Pandora FMS 7.0NG and lower. net_tools.php in Pandora FMS 7.0NG allows remote attackers to execute arbitrary OS commands. Full Article
remo ThinkPHP 5.0.23 Remote Code Execution By packetstormsecurity.com Published On :: Tue, 14 Apr 2020 15:47:20 GMT This Metasploit module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the version of the software. Tested against versions 5.0.20 and 5.0.23 as can be found on Vulhub. Full Article
remo CentOS-WebPanel.com Control Web Panel 0.9.8.836 Remote Command Execution By packetstormsecurity.com Published On :: Mon, 05 Aug 2019 20:52:30 GMT CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.836 suffers from a remote command execution vulnerability. Full Article
remo rConfig 3.9.4 searchField Remote Code Execution By packetstormsecurity.com Published On :: Sat, 28 Mar 2020 14:30:26 GMT rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit. Full Article
remo Vesta Control Panel Authenticated Remote Code Execution By packetstormsecurity.com Published On :: Mon, 06 Apr 2020 19:03:23 GMT This Metasploit module exploits command injection vulnerability in v-list-user-backups bash script file. Low privileged authenticated users can execute arbitrary commands under the context of the root user. An authenticated attacker with a low privileges can inject a payload in the file name starts with dot. During the user backup process, this file name will be evaluated by the v-user-backup bash scripts. As result of that backup process, when an attacker try to list existing backups injected payload will be executed. Full Article
remo Vesta Control Panel Authenticated Remote Code Execution By packetstormsecurity.com Published On :: Tue, 14 Apr 2020 15:50:37 GMT This Metasploit module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user. Full Article
remo TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution By packetstormsecurity.com Published On :: Wed, 15 Apr 2020 18:58:49 GMT This Metasploit module exploits a command injection vulnerability in the tdpServer daemon (/usr/bin/tdpServer), running on the router TP-Link Archer A7/C7 (AC1750), hardware version 5, MIPS Architecture, firmware version 190726. The vulnerability can only be exploited by an attacker on the LAN side of the router, but the attacker does not need any authentication to abuse it. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host. This vulnerability was discovered and exploited at Pwn2Own Tokyo 2019 by the Flashback team. Full Article
remo Liferay Portal Java Unmarshalling Remote Code Execution By packetstormsecurity.com Published On :: Wed, 15 Apr 2020 18:57:25 GMT This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1. Full Article
remo Nexus Repository Manager 3.21.1-01 Remote Code Execution By packetstormsecurity.com Published On :: Thu, 16 Apr 2020 15:37:25 GMT This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01. Full Article
remo netkit-telnet 0.17 Remote Code Execution By packetstormsecurity.com Published On :: Thu, 05 Mar 2020 20:57:43 GMT netkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit. Full Article
remo Sagemcom Fast 3890 Remote Code Execution By packetstormsecurity.com Published On :: Tue, 14 Jan 2020 15:51:01 GMT This exploit uses the Cable Haunt vulnerability to open a shell for the Sagemcom F@ST 3890 (50_10_19-T1) cable modem. The exploit serves a website that sends a malicious websocket request to the cable modem. The request will overflow a return address in the spectrum analyzer of the cable modem and using a rop chain start listening for a tcp connection on port 1337. The server will then send a payload over this tcp connection and the modem will start executing the payload. The payload will listen for commands to be run in the eCos shell on the cable modem and redirect STDOUT to the tcp connection. Full Article
remo Yes, You Can Remotely Hack Factory, Building Site Cranes. Wait, What? By packetstormsecurity.com Published On :: Wed, 16 Jan 2019 13:35:32 GMT Full Article headline hacker flaw scada
remo NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download By packetstormsecurity.com Published On :: Tue, 23 Jan 2018 04:51:52 GMT NEC Univerge SV9100/SV8100 WebPro version 10.0 suffers from a remote configuration download vulnerability. The gzipped telephone system configuration file 'config.gz' or 'config.pcpx' that contains the unencrypted data file 'conf.pcpn', can be downloaded by an attacker from the root directory if previously generated by a privileged user. Full Article
remo NagiosXI 5.6 Remote Command Execution By packetstormsecurity.com Published On :: Wed, 08 Apr 2020 16:30:28 GMT This is a whitepaper tutorial that walks through creating a proof of concept exploit for a remote command execution vulnerability in NagiosXI version 5.6. Full Article
remo Symantec Web Gateway 5.0.2.8 Remote Command Execution By packetstormsecurity.com Published On :: Wed, 08 Apr 2020 16:33:55 GMT This is a whitepaper tutorial that walks through creating a proof of concept exploit for a pre-authentication remote command execution vulnerability in Symantec Web Gateway version 5.0.2.8. Full Article
remo NagiosXI 5.6.11 Remote Command Execution By packetstormsecurity.com Published On :: Wed, 08 Apr 2020 16:36:48 GMT This is a whitepaper tutorial that describes steps taken to identify post-authentication remote command execution vulnerabilities in NagiosXI version 5.6.11. Full Article
remo ManageEngine 14 Remote Code Execution By packetstormsecurity.com Published On :: Wed, 08 Apr 2020 16:39:26 GMT This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in ManageEngine version 14. Full Article
remo Symantec Web Gateway 5.0.2.8 Remote Code Execution By packetstormsecurity.com Published On :: Wed, 08 Apr 2020 16:44:54 GMT This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in Symantec Web Gateway version 5.0.2.8. Full Article
remo Blind CreateRemoteThread Privilege Escalation By packetstormsecurity.com Published On :: Mon, 04 May 2020 17:21:40 GMT Whitepaper called Blind CreateRemoteThread Privilege Escalation. Full Article
remo Oracle WebLogic 12.1.2.0 Remote Code Execution By packetstormsecurity.com Published On :: Mon, 09 Jul 2018 13:11:11 GMT Oracle WebLogic version 12.1.2.0 RMI registry UnicastRef object java deserialization remote code execution exploit. Full Article
remo IQrouter 3.3.1 Remote Code Execution By packetstormsecurity.com Published On :: Tue, 21 Apr 2020 13:52:30 GMT IQrouter firmware version 3.3.1 suffers from a remote code execution vulnerability. Full Article
remo NSClient++ 0.5.2.35 Authenticated Remote Code Execution By packetstormsecurity.com Published On :: Tue, 21 Apr 2020 14:03:42 GMT NSClient++ version 0.5.2.35 suffers from an authenticated remote code execution vulnerability. Full Article
remo Edimax EW-7438RPn 1.13 Remote Code Execution By packetstormsecurity.com Published On :: Fri, 24 Apr 2020 14:36:26 GMT Edimax EW-7438RPn version 1.13 suffers from a remote code execution vulnerability. Full Article
remo Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution By packetstormsecurity.com Published On :: Fri, 24 Apr 2020 14:40:45 GMT Furukawa Electric ConsciusMAP version 2.8.1 java deserialization remote code execution exploit. Full Article
remo School ERP Pro 1.0 Remote Code Execution By packetstormsecurity.com Published On :: Wed, 29 Apr 2020 15:32:10 GMT School ERP Pro version 1.0 suffers from a remote code execution vulnerability. Full Article
remo Open-AudIT Professional 3.3.1 Remote Code Execution By packetstormsecurity.com Published On :: Wed, 29 Apr 2020 15:43:06 GMT Open-AudIT Professional version 3.3.1 suffers from a remote code execution vulnerability. Full Article
remo SimplePHPGal 0.7 Remote File Inclusion By packetstormsecurity.com Published On :: Tue, 05 May 2020 20:49:23 GMT SimplePHPGal version 0.7 suffers from a remote file inclusion vulnerability. Full Article
remo Saltstack 3000.1 Remote Code Execution By packetstormsecurity.com Published On :: Tue, 05 May 2020 20:59:22 GMT Saltstack version 3000.1 suffers from a remote code execution vulnerability. Full Article
remo ManageEngine Asset Explorer Windows Agent Remote Code Execution By packetstormsecurity.com Published On :: Fri, 08 May 2020 19:56:17 GMT The ManageEngine Asset Explorer windows agent suffers form a remote code execution vulnerability. All versions prior to 1.0.29 are affected. Full Article
remo Cisco UCS Director Unauthenticated Remote Code Execution By packetstormsecurity.com Published On :: Mon, 02 Sep 2019 18:11:07 GMT The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass, that allows the attacker to authenticate as an administrator. The second one, CVE-2019-1936, is a command injection in a password change form, that allows the attacker to inject commands that will execute as root. This module combines both vulnerabilities to achieve the unauthenticated command injection as root. It has been tested with Cisco UCS Director virtual machines 6.6.0 and 6.7.0. Note that Cisco also mentions in their advisory that their IMC Supervisor and UCS Director Express are also affected by these vulnerabilities, but this module was not tested with those products. Full Article
remo Cisco Content Security Virtual Appliance M380 IronPort Remote Cross Site Host Modification By packetstormsecurity.com Published On :: Mon, 09 Sep 2019 23:12:10 GMT Cisco Content Security Virtual Appliance M380 IronPort remote cross site host modification demo exploit. Full Article
remo Cisco Discovery Protocol (CDP) Remote Device Takeover By packetstormsecurity.com Published On :: Wed, 05 Feb 2020 17:05:56 GMT Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices. Full Article
remo Cisco Data Center Network Manager 11.2 Remote Code Execution By packetstormsecurity.com Published On :: Thu, 06 Feb 2020 17:45:40 GMT Cisco Data Center Network Manager version 11.2 remote code execution exploit. Full Article
remo Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak By packetstormsecurity.com Published On :: Mon, 17 Feb 2020 17:43:13 GMT An information disclosure vulnerability exists when Centaur and TitanSMA fail to properly protect critical system logs such as 'syslog'. Additionally, the implemented Jetty version (9.4.z-SNAPSHOT) suffers from a memory leak of shared buffers that was (supposedly) patched in Jetty version 9.2.9.v20150224. Full Article
remo GitLab Awards Researcher $20,000 For Remote Code Execution Bug By packetstormsecurity.com Published On :: Wed, 29 Apr 2020 15:28:19 GMT Full Article headline hacker flaw patch