Showing 1 - 3 of 3

Files from Federico Scalco

WordPress Caldera Forms 1.5.9.1 Cross Site Scripting: Posted Apr 19, 2018; Authored by Federico Scalco; WordPress Caldera Forms plugin version 1.5.9.1 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2018-7747; SHA-256 | 5ba544e8afc1bd3b2ce994ab5600e72cb1ca79a17152a722178a125e25528c4e; Download | Favorite | View

Gemtek CPE7000 WLTCS-106 sysconf.cgi Remote Command Execution: Posted Apr 26, 2016; Authored by Federico Scalco | Site metasploit.com; A vulnerability exists for Gemtek CPE7000 model ID WLTCS-106 exposing Iperf tool to unauthenticated users. Injecting a command in the perf_measure_server_ip parameter, an attacker can execute arbitrary commands. Since the service runs as root, the remote command execution has the same administrative privileges. The remote shell is obtained uploading the payload and executing it. A reverse shell is preferred rather then a bind one, since firewall won't allow (by default) incoming connections. Tested on Hardware version V02A and Firmware version 01.01.02.082.; tags | exploit, remote, arbitrary, shell, root; SHA-256 | 46cb65000b542aa82162870f00d5dc85d65f04b83be0846b89ed193e6c3a6c0b; Download | Favorite | View

Gemtek CPE7000 WLTCS-106 Administrator SID Retriever: Posted Apr 26, 2016; Authored by Federico Scalco | Site metasploit.com; A vulnerability exists for Gemtek CPE7000 model ID WLTCS-106 which allows unauthenticated remote attackers to retrieve a valid Administrative SID.; tags | exploit, remote; SHA-256 | b4280a001436ff85b0ae7737bade7383e9b0bd2426d3bfe6ca6176ba8464b94f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days