Posts Tagged ‘execution’

Microsoft Windows LNK File Code Execution

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is included. The folder ID set in this SpecialFolderDataBlock is set to the […]


tnftp "savefile" Arbitrary Command Execution

This Metasploit module exploits an arbitrary command execution vulnerability in tnftp’s handling of the resolved output filename – called “savefile” in the source – from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component of the requested resource. If the output filename […]


Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. Source: Unitrends UEB bpserverd Authentication Bypass / Remote Command Execution


TP-Link WR940N Remote Code Execution

Numerous remote code execution paths were discovered in TP-Link’s WR940N home WiFi router. Valid credentials are required for this attack path. It is possible for an authenticated attacker to obtain a remote shell with root privileges. Source: TP-Link WR940N Remote Code Execution