Posts Tagged ‘execution’

Git cvsserver Remote Command Execution

The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately, user input is used within some of those invocations, which allows for OS command injection. Versions before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 are affected.


Supervisor XML-RPC Authenticated Remote Code Execution

This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. […]


DenyAll Web Application Firewall Remote Code Execution

This Metasploit module exploits a command injection vulnerability in the DenyAll Web Application Firewall. Unauthenticated users can execute a terminal command in the context of the web server user.


Cloudview NMS 2.00b Writable Directory Traversal Execution

This Metasploit module exploits a vulnerability found in the Cloudview NMS server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary files to the file system, which results in code execution in the context of ‘SYSTEM’.