accadmin Pubblicato in execution Nessun commento

Trend Micro OfficeScan Remote Code Execution

This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend Micro Officescan product has a widget feature which is implemented […]

The post Trend Micro OfficeScan Remote Code Execution appeared first on MondoUnix.

10 10

accadmin Pubblicato in Apache Nessun commento

Apache Tomcat Upload Bypass / Remote Code Execution

Apache Tomcat versions prior to 7.0.8, 8.0.47, 8.5.23, and 9.0.1 (Beta) JSP upload bypass and code execution exploit.
Source: Apache Tomcat Upload Bypass / Remote Code Execution
The post Apache Tomcat Upload Bypass / Remote Code Execution appeared firs…

7 10

accadmin Pubblicato in execution Nessun commento

OrientDB 2.2.x Remote Code Execution

This Metasploit module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable.
Source: OrientDB 2.2.x Remote Code Execution
The post OrientDB 2.2.x Remote Code Executio…

4 10

accadmin Pubblicato in command Nessun commento

Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution

Netgear ReadyNAS Surveillance version 1.4.3-16 suffers from a remote command execution vulnerability.
Source: Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution
The post Netgear ReadyNAS Surveillance 1.4.3-16 Remote Command Execution appea…

28 09

accadmin Pubblicato in command Nessun commento

Git cvsserver Remote Command Execution

The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations and it allows for OS command injection. Versions before before 2.14.2, 2.1…

27 09

accadmin Pubblicato in attack Nessun commento

Remote Wi-Fi Attack Backdoors iPhone 7

Source: Remote Wi-Fi Attack Backdoors iPhone 7
The post Remote Wi-Fi Attack Backdoors iPhone 7 appeared first on MondoUnix.

25 09

accadmin Pubblicato in authenticated Nessun commento

Supervisor XML-RPC Authenticated Remote Code Execution

This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. […]

The post Supervisor XML-RPC Authenticated Remote Code Execution appeared first on MondoUnix.

23 09

accadmin Pubblicato in application Nessun commento

DenyAll Web Application Firewall Remote Code Execution

This Metasploit module exploits the command injection vulnerability of DenyAll Web Application Firewall. Unauthenticated users can execute a terminal command under the context of the web server user.
Source: DenyAll Web Application Firewall Remote Code…

15 09

accadmin Pubblicato in astaro Nessun commento

Astaro Security Gateway 7 Remote Code Execution

Astaro Security Gateway 7 suffers from a remote code execution vulnerability.
Source: Astaro Security Gateway 7 Remote Code Execution
The post Astaro Security Gateway 7 Remote Code Execution appeared first on MondoUnix.

15 09

accadmin Pubblicato in dir8xx Nessun commento

D-Link DIR8xx Remote Root Code Execution

D-Link DIR8xx routers suffers from a remote root code execution vulnerability.
Source: D-Link DIR8xx Remote Root Code Execution
The post D-Link DIR8xx Remote Root Code Execution appeared first on MondoUnix.

Accademia dell'hardware e del software libero Adriano Olivetti

Il pensiero olivetti è in linea perfetta con i concetti del software e dell'hardware libero

Categoria: remote