Vulnerability & Exploit Database

Displaying module details 11 - 20 of 3178 in total

Advantech WebAccess Dashboard Viewer Arbitrary File Upload Exploit

Disclosed: February 05, 2016

This module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAc...

NETGEAR ProSafe Network Management System 300 Arbitrary File Upload Exploit

Disclosed: February 04, 2016

Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file upload vulnerability that can be exploited by an unauthenticated remote attacker to execute code as the SYSTEM user. Two servlets are vulnerable, FileUploadController (located at /lib-1.0/external/flas...

NETGEAR ProSafe Network Management System 300 Authenticated File Download Exploit

Disclosed: February 04, 2016

Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file download vulnerability that can be exploited by an authenticated remote attacker to download any file in the system.. This module has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.

Fortinet SSH Backdoor Scanner Exploit

Disclosed: January 09, 2016

This module scans for the Fortinet SSH backdoor.

PostgreSQL CREATE LANGUAGE Execution Exploit

Disclosed: January 01, 2016

Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly this is Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This requires a superuser. This is u...

Android ADB Debug Server Remote Payload Execution Exploit

Disclosed: January 01, 2016

Writes and spawns a native payload on an android device that is listening for adb debug messages.

D-Link DCS-930L Authenticated Remote Command Execution Exploit

Disclosed: December 20, 2015

The D-Link DCS-930L Network Video Camera is vulnerable to OS Command Injection via the web interface. The vulnerability exists at /setSystemCommand, which is accessible with credentials. This vulnerability was present in firmware version 2.01 and fixed by 2.12.

Juniper SSH Backdoor Scanner Exploit

Disclosed: December 20, 2015

This module scans for the Juniper SSH backdoor (also valid on Telnet). Any username is required, and the password is <<< %s(un='%s') = %u.

Telisca IPS Lock Cisco IP Phone Control Exploit

Disclosed: December 17, 2015

This module allows an unauthenticated attacker to exercise the "Lock" and "Unlock" functionality of Telisca IPS Lock for Cisco IP Phones. This module should be run in the VoIP VLAN, and requires knowledge of the target phone's name (for example, SEP002497AB1D4B). Set ACTION to either LOCK or UNLOCK. UNLOCK is the...

IBM Tivoli Storage Manager FastBack Server Opcode 0x534 Denial of Service Exploit

Disclosed: December 15, 2015

This module exploits a denial of service condition present in IBM Tivoli Storage Manager FastBack Server when dealing with packets triggering the opcode 0x534 handler.