Posts Tagged ‘execution’

IPFire proxy.cgi Remote Code Execution

IPFire, a free linux based open source firewall distribution, version prior to 2.19 Update Core 110 contains a remote command execution vulnerability in the ids.cgi page in the OINKCODE field. Source: IPFire proxy.cgi Remote Code Execution

VICIdial user_authorization Unauthenticated Command Execution

This Metasploit module exploits a vulnerability in VICIdial versions 2.9 RC 1 to 2.13 RC1 which allows unauthenticated users to execute arbitrary operating system commands as the web server user if password encryption is enabled (disabled by default). When password encryption is enabled the user’s password supplied using HTTP basic authentication is used in a […]

Metasploit RPC Console Command Execution

This Metasploit module connects to a specified Metasploit RPC server and uses the ‘console.write’ procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This Metasploit module has been tested successfully on Metasploit 4.15 on Kali 1.0.6; Metasploit 4.14 on Kali 2017.1; and Metasploit 4.14 on Windows 7 SP1. Source: […]