Exploits/Remote Code Execution

Apache Tika Server OS Command Injection Exploit

An OS Command Injection Vulnerability was found in Apache Tika Server 1.11<= Version <=1.17. The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted request.

IBM Informix Open Admin Tool SOAP welcomeServer PHP Remote Code Execution Exploit

IBM Informix Open Admin Tool is vulnerable to an unauthenticated php remote code execution, allowing attackers to execute arbitrary php code in the system.

Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution Exploit

This module exploits two vulnerabilities in Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot. This is useful if the password for the admin user is unknown. The second is an authenticated command injection flaw using the timezone parameter in the admin_sys_time.cgi interface.

Symantec Web Gateway Management Console Remote Code Execution Exploit

The Symantec Web Gateway Management Console before 5.2.5 allows some specially crafted entries to update the whitelist without validation. A lower-privileged but authorized management console user can bypass the whitelist validation using a specifically-modified script to create an unauthorized whitelist entry. This whitelist entry could potentially be leveraged in further malicious attempts against the network.

JBoss EJBInvokerServlet Java Deserialization Vulnerability Remote Code Execution Exploit

JBoss Application Server is prone to a remote vulnerability due to deserialization of untrusted inputs, allowing attackers to instantiate arbitrary java objects leading to remote code execution. This vulnerability affects the EJBInvokerServlet component of the server.

TinyWebGallery Remote Code Execution Exploit

This module exploits a TinyWebGallery local file-include vulnerability because TinyWebGallery fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code.

PHPMyAdmin Setup Config Remote Code Execution Exploit

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

Oracle GlassFish Server Administration Console Authentication Bypass Remote Code Execution Exploit

The Administration Console of Oracle GlassFish Server is prone to an authentication bypass vulnerability, which can be achieved by performing HTTP TRACE requests. A remote unauthenticated attacker can exploit this in order to execute arbitrary code on the vulnerable server.

CA Total Defense UNCWS Web Service UnAssignAdminUsers Remote Code Execution Exploit

The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The UnAssignAdminUsers method makes use of the uncsp_UnassignAdminRoles stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges.

CA Total Defense UNCWS Web Service getDBConfigSettings Remote Code Execution Exploit

The UNCWS Web Service component of CA Total Defense listens for SOAP requests. A remote unauthenticated attacker can invoke the getDBConfigSettings method, and the Web Service will answer with the server's database credentials. Once that the database credentials are captured, it is possible for a remote attacker to connect to the database and execute arbitrary code under the context of the database administrator.