This Metasploit module exploits an authenticated command injection vulnerability in FusionPBX versions 4.4.3 and prior. The exec.php file within the Operator Panel permits users with operator_panel_view permissions, or administrator permissions, to execute arbitrary commands as the web server user by sending a system command to the FreeSWITCH event socket interface. This module has been tested […]
http://inderm.go.th notified by Scrub
Tags: defacement
Shrew Soft VPN Client 2.2.2 – ‘iked’ Unquoted Service Path
Tags: 0day, remote exploit
Technicolor TD5130.2 with firmware version OI_Fw_V20 suffers from a remote command execution vulnerability.
Technicolor versions TC7300.B0 through STFA.51.20 suffer from a persistent cross-site scripting vulnerability.
Fastweb Fastgate version 0.00.81 suffers from a remote code execution vulnerability.
gSOAP version 2.8 suffers from a directory traversal vulnerability.
Scanguard versions through 2019-11-12 on Windows have insecure permissions for the installation directory, leading to privilege escalation via a trojan horse executable file.
Siemens Desigo PX version 6.00 remote denial of service exploit.
An issue was discovered in CMS Made Simple version 2.2.8. In the module DesignManager (in the files action.admin_bulk_css.php and action.admin_bulk_template.php), an unprivileged user with Designer permission can reach an unserialize call with a crafted value in the m1_allparms parameter and achieve object injection. This Metasploit module has been successfully tested on […]