This Metasploit module attempts to gain root privileges on systems running Serv-U FTP Server versions prior to 15.1.7. The Serv-U executable is setuid root, and uses ARGV[0] in a call…
>> AUTHOR: deepcore
This Metasploit module exploits a vulnerability in Apache Tomcat’s CGIServlet component. When the enableCmdLineArguments setting is set to true, a remote user can abuse this to execute system commands, and…
Symantec DLP 15.5 MP1 – Cross-Site Scripting
Serv-U FTP Server – prepareinstallation Privilege Escalation (Metasploit)
This Metasploit module exploits a vulnerability within the “ghelp”, “help” and “man” URI handlers within Linux Mint’s “ubuntu-system-adjustments” package. Invoking any one the URI handlers will call the python script…
FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the…
CyberPanel version 1.8.4 suffers from a cross site request forgery vulnerability.
FaceSentry Access Control System version 6.4.8 facial biometric access control appliance ships with hard-coded and weak credentials for SSH access on port 23445 using the credentials wwwuser:123456. The root privilege…
FaceSentry Access Control System version 6.4.8 is vulnerable to multiple cross site scripting vulnerabilities. This issue is due to the application’s failure to properly sanitize user-supplied input thru the ‘msg’…
SquirrelMail version 1.4.22 suffers from a cross site scripting vulnerability.