Posts Tagged ‘execution’

Shadowsocks Log Manipulation / Command Execution

Several issues have been identified, which allow attackers to manipulate log files, execute commands and to brute force Shadowsocks with enabled brute force detection. Brute force detection from does not work with suggested tail command. The key of captured Shadowsocks traffic can be brute forced. The latest commit 2ab8c6b on Sep 6, 2017 […]

Trend Micro OfficeScan Remote Code Execution

This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw exists within the management interface, which listens on TCP port 443 by default. The Trend Micro Officescan product has a widget feature which is implemented […]

OrientDB 2.2.x Remote Code Execution

This Metasploit module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable. Source: OrientDB 2.2.x Remote Code Execution