Summary: Recently, multiple vulnerabilities were observed in Feb,2020 on Cisco’s various devices identified by researcher Barak Hadad of Armis. Out of which few were RCE, among which CVE-2020-3119 is one where an unauthenticated, adjacent attacker can arbitrary code execution. Description: Cisco switches, IP phones, routers and cameras information can be observed using this problematic protocol … Continue reading “Cisco NX-OS Software Cisco Discovery Protocol Remote Code Execution Vulnerability (CVE-2020-3119)”
Tag: RCE
Linear eMerge E3 Multiple Security Vulnerabilities
Nortek has announced a critical vulnerabilities in Linear eMerge E3-Series. The vulnerabilities exists because the affected product fails to sanitize HTTP request parameter values, which can be used to construct a shell commands. This allows an attacker to execute arbitrary commands on the affected system as a root. Below CVE id’s has been assigned to … Continue reading “Linear eMerge E3 Multiple Security Vulnerabilities”
PhpFileManager 0.9.8 Remote Command Execution Vulnerability(CVE-2015-5958)
Summary: phpFileManager version suffers from a RCE vulnerability that can be executed via cross site request forgery. Product: phpFileManager version 0.9.8 Vulnerability Type: Remote Command Execution CVE Reference: CVE-2015-5958 Description: PHPFileManager is vulnerable to remote command execution and execute operating system commands via GET requests from a victims browser.Once the call to the operating systems … Continue reading “PhpFileManager 0.9.8 Remote Command Execution Vulnerability(CVE-2015-5958)”
Internet Explorer Zero-day Remote Code Execution Vulnerability (CVE-2020-0674)
Summary: Recent Internet Explorer has been observed with zero-day remote code execution vulnerability attacks. To address Microsoft’s Internet Explorer (IE) web browser RCE vulnerability CVE-2020-0674 Microsoft published an advisory ADV200001. Description: jscript.dll is the vulnerable component for IE 11, and moderate for IE 9 and IE 10. Memory corruption at ease by an attacker leads … Continue reading “Internet Explorer Zero-day Remote Code Execution Vulnerability (CVE-2020-0674)”
Ajenti server exposed by RCE bug
Hi again, Today we are going to exploit Ajenti servers xD…. which are already exposed by RCE vulnerability. For starters, let me give you Google wiki introduction of Ajenti server, Ajenti is an open-source, web-based control panel that can be used for a large variety of server management tasks. On 13th October,19 a command injection … Continue reading “Ajenti server exposed by RCE bug”
RCE vulnerability impacts Nostromo Web Server!
HOLA! I don’t think Professor Dumbledore destroyed the Resurrection Stone ツ It seems Nostromo possessed the stone all this time. Oh yes, I’m serious. If not, then how can you explain the return of this RCE Vulnerability!? Let’s have a look. In 2011, Nostromo web servers were affected by a directory traversal vulnerability leading to … Continue reading “RCE vulnerability impacts Nostromo Web Server!”
Apache Tomcat on Windows CGI Servlet Remote Code Execution Vulnerability (CVE-2019-0232)
Summary: Apache Tomcat has a vulnerability in the CGI Servlet which can be exploited to achieve remote code execution (RCE). Only Windows is exploitable while running in a non-default configuration in conjunction with batch files. Description: conf/context.xml as well conf/web.xml enables CGI in tomcat. Common Gateway Interface (CGI) is a standard protocol allows passing of … Continue reading “Apache Tomcat on Windows CGI Servlet Remote Code Execution Vulnerability (CVE-2019-0232)”
rconfig unauthenticated remote code exection vulnerability
Summary: A command-execution vulnerability is observed in a free open-source configuration management well-known as rconfig. It fails to filter the ‘rootUname‘ parameter passed to the ‘exec()‘ function of the ‘ajaxServerSettingsChk.php‘ file. It can be exploited by sending a crafted GET request to execute system commands. Description: The vulnerabilities (CVE-2019-16663, CVE-2019-16662) are both tied to rConfig … Continue reading “rconfig unauthenticated remote code exection vulnerability”
Vbulletin remote code execution vulnerability
Summary: vBulletin 5.x are prone to remote code execution vulnerability. (CVE-2019-16759). It can be exploited without authentication and takes control of web hosts. Description: vBulletin is a proprietary Internet forum software package sold by MH Sub I, LLC doing business as vBulletin. It uses PHP and uses a MySQL database server. A pre-authentication remote code … Continue reading “Vbulletin remote code execution vulnerability”
Webmin Remote Code Execution Vulnerability
Webmin version 1.882 to 1.921 is vulnerable to Unauthenticated Remote Code Execution Vulnerability. This vulnerability exists in the reset password function that allows a malicious attacker to execute malicious code due to lack of input validation. The targets which have the setting “user password change enabled” are exploitable. This vulnerability has been assigned CVE-2019-15107. Vulnerability … Continue reading “Webmin Remote Code Execution Vulnerability”
