This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.06 and below via shell metacharacters in the Event parameter at vulnerable endpoint include/makecvs.php during CSV creation. Any unauthenticated user can therefore execute commands on the system under the same privileges as the web application, which typically runs under root at the TerraMaster Operating System.
8935d1e9f61d6f9eb3550ec44e1a8a5d97992b91e55a7456ae2af009097db539pfBlockerNG version 2.1.4_26 remote code execution exploit.
4ac7bffe74c29e0dabbff18d552da8d3e73678fb8ed2b4a6a73be8d67499aebcThis Metasploit module leverages a remote shell upload vulnerability in pfSense pfBlockerNG plugin versions 2.1.4_26 and below. Note that version 3.x is unaffected.
4189e967b6b81ffffd850d9ece99fb550a29985985f2bcf2dcb9de105fffe02cpfBlockerNG version 2.1.4_26 unauthenticated remote shell upload exploit.
1d7eee5bc1593b474c54a3d280da28d67551d6ae08d22fa5a7a679595e50b007This Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.
1ca4ee63f6107490fe17d396df7f0153a5c29930a496321ceec2101872db5321TerraMaster TOS version 4.2.06 unauthenticated remote code execution exploit.
786b3e02ded0b491ccd7dbfa6dd55166637cec7a46e2e67caf487375718fdc42eFront versions 3.6.9 and below suffer from remote SQL injection, authentication bypass, and default credential vulnerabilities.
aefe030445dc4bcb2dfa045d31d290d0aa40a079be3b8cf12a26783b16de5e9cWordPress e-Commerce component versions 3.8.4 and below suffer from a remote SQL injection vulnerability.
46fd9bfdf0f43fd77dcc35dcc0a07c44cd29f8484e5661fcfa428a3b99da8140WordPress bSuite component versions 4.0.7 and below suffer from a persistent cross site scripting vulnerability.
702a67d37f8b156f89233911166cb93734573ecaeadf5a3ff89aba3f039a3a2eWhitepaper called Blind SQL Injection with Regular Expressions Attack.
167010ab38c65a1b629b2eb5767870004cb391e155573d9cd652fbf5476b540fSMBind versions 0.4.7 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
0da84d92d29133b3f50b81dffd38845ce1e493b4b43e77fddb677151dfde6607WebJaxe version 1.01 suffers from a remote SQL injection vulnerability.
baf76c8040676580965fd4bafce665fcdeb81996c205eb23fb1738f37dde0430ChillyCMS suffers from a remote blind SQL injection vulnerability.
980b85d1f7afe339d2817dd89e7104b182c21a62aeb259f2c75e6d8082c63503TS Special Edition versions 7.0 and below suffer from multiple disclosure vulnerabilities.
a8f644205955ebcb8f55e9fd34e72fb520b99c78fdc7c8ba13630a092451e3abCMS Made Simple versions 1.6.2 and below suffer from a local file disclosure vulnerability.
e1f75ca3639a9a2acd26c0bbe1910446e0d9fee255d4bd761931eda2c1ef8266Whitepaper called Don't Trust In Technology. Written in Italian.
d2906d3113ef8d8b529020b8406551b2c8d905ae85b032194ee6ee467477c9baphpFullAnnu version 6.0 suffers from a remote SQL injection vulnerability.
c73afb2e15ac32ad94eafe50d378f6d490a57f829113a00c457e8327e73faaecClansphere 2007.4 suffers from a SQL injection vulnerability.
c67c580183912ac663e02568f6f6a2068dd0794f790055fcadc892506c91774bMicro CMS version 3.5 suffers from a remote SQL injection vulnerability in revert-content.php.
c29d3299c76a688d56a44f0befb8be133a6472bdffbdcfef90f51baefdf48ed0WebChat version 0.78 suffers from a remote SQL injection vulnerability in login.php.
f9c0c2ae4469d42a69bf90751a7d343a58078a269d724bc6090f07149ced2a7cvbPortal versions 3.0.2 through 3.6.0 Beta 1 remote command execution exploit.
4f2b44e725163b4c26557b24e85f64feba296b6146d6e0c0715430e622688184
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed