Wireless Repeater BE126 suffers from a remote code execution vulnerability.
Source: Wireless Repeater BE126 Remote Code Execution
The post Wireless Repeater BE126 Remote Code Execution appeared first on MondoUnix.
This Metasploit module exploits an unauthenticated remote command injection vulnerability in QNAP NAS devices. The transcoding server listens on port 9251 by default and is vulnerable to command injection using the ‘rmfile’ command. This Metasploit module was tested successfully on a QNAP TS-431 with firmware version 4.3.3.0262 (20170727). Source: QNAP Transcode Server Command Execution
The post QNAP Transcode Server Command Execution appeared first on MondoUnix.
Automated Logic WebCTRL version 6.5 suffers from an unrestricted file upload vulnerability that allows for remote code execution.
Source: Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution
The post Automated Logic WebCTRL 6.5 Un…
This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The ‘welcomeServer’ SOAP service does not properly validate user input in the ‘new_home_page’ parameter of the ‘saveHomePage’ method allowing arbitrary PHP code to be written to the config.php file. The config.php […]
The post IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution appeared first on MondoUnix.
This Metasploit module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader version 11. The saveAs() Javascript API function allows for writing arbitrary files to the file system. Additionally, the launchURL() function allows an attacker to execute local files on the file system and bypass the security dialog Note: This is […]
The post Nitro Pro PDF Reader 11.0.3.173 Remote Code Execution appeared first on MondoUnix.
IPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field.
Source: IPFire proxy.cgi Remote Code Execution
The post IPF…
This Metasploit module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user’s password supplied using HTTP basic authentication is used in a […]
The post VICIdial user_authorization Unauthenticated Command Execution appeared first on MondoUnix.
This Metasploit module connects to a specified Metasploit RPC server and uses the ‘console.write’ procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This Metasploit module has been tested successfully on Metasploit 4.15 on Kali 1.0.6; Metasploit 4.14 on Kali 2017.1; and Metasploit 4.14 on Windows 7 SP1. Source: […]
The post Metasploit RPC Console Command Execution appeared first on MondoUnix.
iSmartAlarm CubeOne suffers from a remote command execution vulnerability that allows disabling the alarm and setting it off.
Source: iSmartAlarm CubeOne Remote Command Execution
The post iSmartAlarm CubeOne Remote Command Execution appeared first on M…
Counter Strike: Condition Zero .BSP map file code execution exploit.
Source: Counter Strike: Condition Zero Code Execution
The post Counter Strike: Condition Zero Code Execution appeared first on MondoUnix.
