Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. Combining this with log injection, remote code execution can be achieved.
Action Pack in Ruby on Rails allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.
phpMyAdmin is prone to a regexp abuse via an eval modifier which can be found in old PHP versions. This vulnerability allows authenticated attackers to run arbitrary php code on the affected server. PHP versions 4.3.0-5.4.6 had a "feature" which allowed users to run a RegExp Pattern Modifier using PREG_REPLACE_EVAL and may lead to execute code. phpMyAdmin had an issue in their code that can be exploited from a table replace call. The general idea is to insert a crafted regexp eval record format, and then trigger it via a find and replace function with system commands For that purpose, the exploit will try to use any existing cookies of that host, or the username and password provided. Once logged in, if the user provided a database, it will be used. If not, we will search for existing databases. The attack will not leave any trace. This exploit installs an OS Agent.
RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution.
The REST plugin in the Apache Struts 2 framework is prone to a remote code execution vulnerability when evaluating OGNL expressions when Dynamic Method Invocation is enabled. This vulnerability allows remote attackers to execute arbitrary Java code on the affected server. This module exploits the vulnerability in any web application built on top of vulnerable versions of Apache Struts 2 making use of the REST plugin with the Dynamic Method Invocation feature enabled. This exploit installs an OS Agent.
This module uses an unauthenticated deserialization vulnerability in Magento eCommerce Web Sites to perform an arbitrary write file to gain arbitrary PHP code execution on the affected system.
This module creates a file in the specified directory. The file abuses a command injection in ImageMagic, downloading an Impact agent and deploying it in the target system. Because ImageMagick is widely used -specially in web applications-, this module will only provide the file with the attack. The file can then used in multiple ways; for example, uploaded to a web site under test.
A vulnerability exists in the FileUploadServlet servlet of WebNMS Framework Server. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.
Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/domains resource. This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.
Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/wmi_domain_controllers resource. This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.