CVE-2013-4984

Related Files

Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation

Posted Sep 17, 2013

Authored by Francisco Falcon, juan vazquez | Site metasploit.com

This Metasploit module abuses a command injection on the clear_keys.pl perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the "spiderman" user to "root". This Metasploit module is useful for post exploitation of vulnerabilities on the Sophos Web Protection Appliance web ui, executed by the "spiderman" user. This Metasploit module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.

tags | exploit, web, root, perl, vulnerability

advisories | CVE-2013-4984, OSVDB-97028

SHA-256 | 7b650af9e32cadfdd3be9e6255740c3a5d42d0ac1627d52bec5e8e35f7e5b29b

Download | Favorite | View

Sophos Web Protection Appliance Command Injection

Posted Sep 7, 2013

Authored by Core Security Technologies, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Sophos Web Protection Appliance versions 3.7.9 and earlier, 3.8.1, and 3.8.0 suffer from multiple OS command injection vulnerabilities.

tags | exploit, web, vulnerability

advisories | CVE-2013-4983, CVE-2013-4984

SHA-256 | 9b18440c26f1295d0a92ba4d7e6ec1dd5c6560e29f7da1ea8bd466580e248550

Download | Favorite | View