This Metasploit module triggers a heap overflow when processing a specially crafted FTP request containing Telnet IAC (0xff) bytes. When constructing the response, the Microsoft IIS FTP Service overflows the heap buffer with 0xff bytes. This issue can be triggered pre-auth and may in fact be exploitable for remote code execution.
abed1f5c04a53ec53d5c8c7b407c490b68fdb3bae004065e4060e14c0df5f32a
Moxa TN-5900 versions 3.1 and below contain a command injection vulnerability in the p12 processing code of the certificate management function web_CERMGMTUpload. It can be leveraged by a user who has authenticated to the management web application.
35bd8ec3c5b38937aa9d5775e8ed2feaacd3dfed7c92d6ae96cb03bf16903bcb
Moxa TN-5900 versions 3.1.0 and below use an insecure method to validate firmware updates. A malicious user with access to the management interface can upload arbitrary code in a crafted
2ac55dc0e94a52eae63ae9272eda3788cbe1002c37fa22d4db10498c8ab74404
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have firmware that does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images.
ce155e50978552faf0e472116a9c5ce4f975a3420fd6632369708f93d1554c2a
The Cellebrite UFED Physical device relies on key material hardcoded within both the executable code supporting the decryption process and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software and does not appear to be changed with each new build. It is possible to reconstruct the decryption process
8e1693c954c2b9222de10e46717620d6631dc916f4d2bd744336668d271dbc33
The Cellebrite UFED device implements local operating system policies that can be circumvented to obtain a command prompt. From there, privilege escalation is possible using public exploits. Versions 5.0 through 7.5.0.845 are affected.
202a3e49b06ab6981d9b3b6aaf73e839d47d6ee0fd59c7be3f7bd017a0f6dd70
Cellebrite UFED versions 5.0 through 7.29 use four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction.
135405ff4806330d49060bed8cf3402ff174759f5f4ee2d7d009d9ee3f479b76
Dell OpenManage Network Manager exposes a MySQL listener that can be accessed with default credentials. This MySQL service is running as the root user, so an attacker can exploit this configuration to, e.g., deploy a backdoor and escalate privileges into the root account.
22a16815587703eaaa022a8f7fc66731fbd250580052e1ef2522bcc959b5b6ff
This Metasploit module exploits a hardcoded service token or default credentials in HPE VAN SDN Controller versions 2.7.18.0503 and below to execute a payload as root. A root command injection was discovered in the uninstall action's name parameter, obviating the need to use sudo for privilege escalation. If the service token option TOKEN is blank, USERNAME and PASSWORD will be used for authentication. An additional login request will be sent.
eea257b390a3b287d462cce58af78297233c499f3594b67b9e26d2aa119c09e9
HP Enterprise VAN SDN Controller version 2.7.18.0503 suffers from an unauthenticated remote root vulnerability. A hard-coded service token can be used to bypass authentication. Built-in functionality can be exploited to deploy and execute a malicious deb file containing a backdoor. A weak sudoers configuration can then be abused to escalate privileges to root. A second issue can be used to deny use of the appliance by continually rebooting it.
ca4e710786607c8db2b5551765fad05ea1626ff8a4bd00aa2997feded7590990
Sophos UTM 9 version 9.410 suffers from a loginuser privilege escalation vulnerability.
6d19a2e36a1817afe48ae38b69347eba16c4c1a70844cc67eafee5f5f2582e45
Trend Micro IMSVA Management Portal version 9.1.0.1600 suffers from an authentication bypass vulnerability.
c7a07a038914e37b8bfa9c05e6db471f4711c61717d34ae44ed1f91e9397d82c
NetEx HyperIP version 6.1.0 suffers from a local file inclusion vulnerability.
fb130f6f8457644d60ce69b933c8c0f2f4d3daf7e1620fb59e66f170ae55d898
NetEx HyperIP version 6.1.0 suffers from a privilege escalation vulnerability.
b6b3f5ba58facfba2eb1750f336aa647a91315ae13af6f460253387be0c2135f
NetEx HyperIP version 6.1.0 suffers from a post-authentication command execution vulnerability.
89fd3d5488d7653bb4f6d11f9248ebdc5bc0f4879c689f426770de2762eafd88
NetEx HyperIP version 6.1.0 suffers from an authentication bypass vulnerability.
d733aa8090655285b530947e6da39649927c222f511db1714d856155388a8a84
Sophos Web Gateway version 4.4.1 suffers from a persistent cross-site scripting vulnerability.
137dda80750280087cb36ed57d850fc6348d18929065d814c14652da40181992
Sophos UTM 9 suffers from a local file inclusion vulnerability. Version 9.410 is affected.
ba17012c9d21cd3e781e366f214abfdf9faf9780535e543ae9cf3a40603af138
Sophos UTM 9 suffers from a loginuser privilege escalation vulnerability via insecure directory permissions. Version 9.410 is affected.
fd8843e98bd26838d92a0d52e8d9620f3e5d6a90bc1aa8cc078996b66040699a
SonicWall WXA5000 version 1.3.2-10-30 suffers from console jail escape and privilege escalation vulnerabilities.
528772153763dde340abad6b6f539c06481ea3af1b1c1bc7eda3277928a19022
Infoblox NetMRI version VM-AD30-5C6CE suffers from an administration shell factory reset persistence vulnerability.
b441994193d057c810483b9cd2d4dad307269cc38772ac61db1b6c79283f9899
Infoblox NetMRI versions 7.1.2 through 7.1.4 suffer from administration shell escape and privilege escalation vulnerabilities.
cf2764068642712d57bf637c469af8efd08229679a4265ceb71c2691a388b2a0
SolarWinds Log and Event Manager Virtual Appliance version 6.3.1 has hard-coded credentials.
db2280c889805e3b1cc8bca7d28bca9faff15b7e7003176695d43071203d731f
Barracuda WAF V360 with firmware 8.0.1.014 suffers from a support tunnel hijacking vulnerability.
b5f3e2e56c5e431a0f7904096cd26eb5b819f5e04765f0ca18b7e34eeb0f1740
The Barracuda WAF management application transmits the current user and session identifier over HTTP GET. Firmware version 8.0.1.014 is affected.
7086b580e0510a02f02451754011dfa92817d22fce4942667a0c2c95727a7c68