what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Nick Miles

Plone and Zope Remote CMD Injection Exploit

Posted Dec 28, 2011

Authored by TecR0c, Nick Miles, Plone Security team | Site metasploit.com

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

tags | exploit, remote, arbitrary, python

advisories | CVE-2011-3587

SHA-256 | d488e05390fc02274354b9eb2deb35cb28a9702082aeccf1b3d64435758ea353

Download | Favorite | View

Plone / Zope Remote Command Execution

Posted Dec 21, 2011

Authored by Nick Miles | Site npenetrable.com

Proof of concept code that demonstrates a remote command execution in Plone versions 4.0 through 4.0.9, 4.1, 4.2 (a1 and a2) and Zope versions 2.12.x and 2.13.x.

tags | exploit, remote, proof of concept

advisories | CVE-2011-3587

SHA-256 | 233198580f60b5c19807e7dc79ce1f1aaf6a9b1290ddd21adb2e624fea5f177d

Download | Favorite | View