Posts under exploit

Agilebio Lab Collector 4.234 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Agilebio Lab Collector version 4.234 suffers from a remote code execution vulnerability.

NetBSD hfslib_reada_node_offset Overflow

Posted by deepcore under exploit (No Respond)

NetBSD hfslib_reada_node_offset local overflow proof of concept exploit.

Barracuda CloudGen WAN OS Command Injection

Posted by deepcore under exploit (No Respond)

Barracuda CloudGen WAN provides a private edge appliance for hybrid deployments. An authenticated user in the administration interface for the private edge virtual appliance can inject arbitrary OS commands via the /ajax/update_certificate endpoint. Versions prior to v8.* hotfix 1089 are affected.

Real Estate CRM Pro 5.7 SQL Injection

Posted by deepcore under exploit (No Respond)

Real Estate CRM Pro from IT Ways version 5.7 appears to suffer from a remote SQL injection vulnerability that can allow for authentication bypass.

Lucee Authenticated Scheduled Job Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It’s possible for an administrator to create a scheduled job that queries a remote ColdFusion file, which is then downloaded and executed when accessed. The payload is uploaded as a cfm file when queried by […]

Packet Storm New Exploits For February, 2023

Posted by deepcore under exploit (No Respond)

This archive contains all of the 82 exploits added to Packet Storm in February, 2023.

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user.
