Browsing the "injection" Tag

NagiosXL 5.6.11 orderby SQL Injection ↭

April 9th, 2020 📆 | 3371 Views ⚑

# Title: Postauth SQL injection in NagiosXI 5.6.11 (param: orderby)# Date: 13.03.2020# Vendor: https://www.nagios.com/# Vulnerable software: https://www.nagios.com/downloads/nagios-xi/vmware/# Repo: https://github.com/c610/free/[email protected]:~$ cat

Tagged with:




Centreon 19.11 SQL Injection ↭

April 9th, 2020 📆 | 4104 Views ⚑

# Title: Postauth SQL injection in Centreon 19.11 (param: acl_res_name)# Date: 03.04.2020# Vendor: https://www.centreon.com/# Vulnerable software: https://download.centreon.com/index.php?product=19.10&action=ask&id=5074# Repo: https://github.com/c610/free/[email protected]:~$ cat

Tagged with:




PlaySMS index.php Unauthenticated Template Injection Code Execution ↭

April 7th, 2020 📆 | 2752 Views ⚑

### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework## class MetasploitModule < Msf::Exploit::RemoteRank = ExcellentRankinginclude Msf::Exploit::Remote::HttpClient def initialize(info = {})super(update_info(info,‘Name’

Tagged with:




DLINK DWL-2600 Authenticated Remote Command Injection ↭

March 28th, 2020 📆 | 1733 Views ⚑

### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework## class MetasploitModule < Msf::Exploit::RemoteRank = ExcellentRanking include Msf::Exploit::Remote::HttpClientinclude Msf::Exploit::CmdStager def initialize(info

Tagged with:




SharePoint Workflows XOML Injection ↭

March 26th, 2020 📆 | 3854 Views ⚑

# This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClientinclude Msf::Exploit::CmdStagerinclude Msf::Exploit::Powershellinclude

Tagged with:




HP ThinPro 6.x / 7.x Privileged Command Injection ↭

March 26th, 2020 📆 | 7121 Views ⚑

HP ThinPro – Privileged command injection=============================================================================== Identifiers————————————————-* CVE-2019-18910 CVSSv3 score————————————————-7.6 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) Vendor————————————————-HP – https://www.hp.com](https://www.hp.com) Product————————————————-Deliver secure desktop virtualization that’s as

Tagged with:




HP ThinPro 6.x / 7.x Citrix Command Injection ↭

March 26th, 2020 📆 | 2920 Views ⚑

HP ThinPro – Citrix command injection=============================================================================== Identifiers————————————————-* CVE-2019-18909 CVSSv3 score————————————————-6.1 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) Vendor————————————————-HP – https://www.hp.com](https://www.hp.com) Product————————————————-Deliver secure desktop virtualization that’s as

Tagged with:




UCM6202 1.0.18.13 Remote Command Injection ↭

March 24th, 2020 📆 | 8586 Views ⚑

# Exploit Title: UCM6202 1.0.18.13 – Remote Command Injection# Date: 2020-03-23# Exploit Author: Jacob Baines# Vendor: http://www.grandstream.com# Product Link: http://www.grandstream.com/products/ip-pbxs/ucm-series-ip-pbxs/product/ucm6200-series#

Tagged with: