Categoria: exploit

QNAP Transcode Server Command Execution
29 08
Pubblicato in command Nessun commento

QNAP Transcode Server Command Execution

This Metasploit module exploits an unauthenticated remote command injection vulnerability in QNAP NAS devices. The transcoding server listens on port 9251 by default and is vulnerable to command injection using the ‘rmfile’ command. This Metasploit module was tested successfully on a QNAP TS-431 with firmware version 4.3.3.0262 (20170727). Source: QNAP Transcode Server Command Execution

The post QNAP Transcode Server Command Execution appeared first on MondoUnix.

WebClientPrint Processor 2.0.15.109 Unauthorized Proxy Modification
23 08
Pubblicato in exploit Nessun commento

WebClientPrint Processor 2.0.15.109 Unauthorized Proxy Modification

RedTeam Pentesting discovered that attackers can configure a proxy host and port to be used when fetching print jobs with WebClientPrint Processor (WCPP). This proxy setting may be distributed via specially crafted websites and is set without any user interaction as soon as the website is accessed. Version 2.0.15.109 is affected. Source: WebClientPrint Processor 2.0.15.109 […]

The post WebClientPrint Processor 2.0.15.109 Unauthorized Proxy Modification appeared first on MondoUnix.

Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)
22 08
Pubblicato in bypass Nessun commento

Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)

This Metasploit module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation. […]

The post Windows Escalate UAC Protection Bypass (Via COM Handler Hijack) appeared first on MondoUnix.

VMware VDP Known SSH Key
22 08
Pubblicato in exploit Nessun commento

VMware VDP Known SSH Key

VMware vSphere Data Protection appliances 5.5.x through 6.1.x contain a known ssh private key for the local user admin who is a sudoer without password.
Source: VMware VDP Known SSH Key
The post VMware VDP Known SSH Key appeared first on MondoUnix.

IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution
22 08
Pubblicato in execution Nessun commento

IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution

This Metasploit module exploits an unauthenticated remote PHP code execution vulnerability in IBM OpenAdmin Tool included with IBM Informix versions 11.5, 11.7, and 12.1. The ‘welcomeServer’ SOAP service does not properly validate user input in the ‘new_home_page’ parameter of the ‘saveHomePage’ method allowing arbitrary PHP code to be written to the config.php file. The config.php […]

The post IBM OpenAdmin Tool SOAP welcomeServer PHP Code Execution appeared first on MondoUnix.