what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files Date: 2013-08-24 to 2013-08-25

myBusinessAdmin SQL Injection

Posted Aug 24, 2013

Authored by DevilScreaM

myBusinessAdmin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection

SHA-256 | 61199fcdd72948288b6ed131c61a7639d0420c74ff9601b8ff95b0b0efc14215

Download | Favorite | View

Oracle Endeca Server Remote Command Execution

Posted Aug 24, 2013

Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. On the other hand, the injection has been found to be Windows specific. This Metasploit module has been tested successfully on Endeca Server 7.4.0.787 over Windows 2008 R2 (64 bits).

tags | exploit, web

systems | windows

advisories | CVE-2013-3763, OSVDB-95269

SHA-256 | fdafe64c526b291f8bc73bfd5eb8e62b37efd1524e773b087d3cc9cb3a8c5297

Download | Favorite | View