This Metasploit module exploits HP Data Protector's omniinet process, specifically on a Windows setup. When an EXEC_CMD packet is sent, omniinet.exe will attempt to look for the user-supplied filename with kernel32!FindFirstFileW(). If the file is found, the process will then go ahead and execute it with CreateProcess() under a new thread. If the filename isn't found, FindFirstFileW() will return an error (0x03), and the process bails early without triggering CreateProcess(). Because of this behavior, if you try to supply an argument, FindFirstFileW() will treat it as part of the filename, and the process will bail. Please note that when you specify the CMD option, the base path begins under C:\.
d60f9ecfdd7e75b911a02d2e3e9f7e6e28eb00b4db11022e93bc1c7e16bb9722
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
96491008a9e1ad7e69bc2be9e30cea2014e7ec82fcaa4c2a1a86a984844d920e
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
3e5640bdf3520143887748dd71372f092de7b62b576127bda963e7187d1ac1e1
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
783c5861525c5c580c13a6ffaca19e9f37ac760eb966aad82fa29217fa7a71e4
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
cce3339a277e3dbab7f9c849a9cb657c9d4d0950fd8a9a1420fad6b45a2a1fa8
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
4bb85b35f11fb5501d5516eb52ee5d5fa72738aae93f70b43b6f9fe6e15ffb24
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
7bab75bbc6330e05bd374226f5e57a1fab230a1b04db8a88cfe4b4e95c909c90
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
a1153c5de5bd786a24a28e3e31ce5ead66ccd16a90c162f15c858d17d6001e7f
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
41eb7846be334a34a54cdda4de506dfc8dc6be67eb610b7d6bb9b8cae80e277d
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
25ed4c4c97f26a3df2dd64a41c356940753751abc3e5c7c9e0d7b682495221d9
VegaDNS version 0.13.2 suffers from a remote command injection vulnerability.
691f14f46448b114528c54e8b25a49d68c7140203e7d8634eb7318d2424b2d4a
Cacti Superlinks version 1.4-2 suffers from code execution via local file inclusion, and remote SQL injection vulnerabilities.
5a23314873f3c7b79647dafc858449285d365137abb907d03a2007a2c4bb40fd
Flatpress version 1.0 remote code execution exploit that leverages a comment loaded through a directory traversal vulnerability.
8cbb0d3675b2bd21358cd41f0015f77833c3b74c965121dd98e9e879bf4160dc
freeFTPd 1.0.10 and below contains an overflow condition that is triggered because user-supplied input is not properly validated when handling a specially crafted PASS command. This may allow a remote attacker to cause a buffer overflow, resulting in a denial of service or allowing the execution of arbitrary code. freeFTPd must have an account set to anonymous authorization (an anonymous user account).
5e92a9db9ba76a96be5d0f1d040af96bc6431037970882d5778b46dcbc012aad
mod_accounting version 0.5 suffers from a remote blind SQL injection vulnerability.
5f80d81efab9b887ab6063336f50467c4282d2a92a64c29cbf5563b42ba9f24a
This Metasploit module exploits a SEH stack-based buffer overflow in the freeFTPd Server PASS command, version 1.0.10. Credit goes to Wireghoul.
9b1b3722c40ca89375f977802175807d831acd844ac69afb11a55ae6296de174
This Metasploit module exploits a SEH stack-based buffer overflow in the freeFTPd Server PASS command, version 1.0.10.
02521b6229ecb5c00ebc4a5b2081e20949f1c436bc6899cb1c51b9e3982be68b
freeFTPd version 1.0.10 PASS command SEH buffer overflow exploit.
9074bf6f86b7de3c41e626bf72906b7cbd156074f91c6eb66bcbbe469169d303
Open and Compact FTP server version 1.2 authentication bypass and directory traversal SAM retrieval exploit.
0aa630f3b70ad7a6a9b5a6a29346d0cca04ee11570d82597dcfe2a39b5d05d09
Symphony CMS version 2.3 suffers from cross site scripting, path disclosure, remote shell upload, token brute force, and remote SQL injection vulnerabilities.
2b1824a17383c70bba1e1643ea148290b08e042f50a7123cb88114364f39cfc2
This exploit abuses a vulnerability in the HP Data Protector service. The flaw allows an unauthenticated attacker to take advantage of the EXEC_CMD command and traverse back to /bin/sh, which allows arbitrary remote code execution in the context of root.
95add5b2ce4d94dcd719eaead5d7369aff78a1ef7a8325a02fc4a43b2369c0b5
Chyrp versions 2.1 and below suffer from cross site scripting, local file inclusion, shell upload, and directory traversal vulnerabilities. Both the oCERT and original advisories are included here.
18cdf52059b49b643716260b829dda6fe150876cbf21decc4085e78858e6de67
Symphony CMS version 2.1.2 suffers from a remote blind SQL injection vulnerability.
72304f447893e36ab1d979c1aaa426d7350a9b03736b52d72ddb9e0b566af0cb
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
d46060d223d96fc42554acdc64b1cf95c5fbf905d7daa19f4be00ce3b80a0fbd
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis applications like RATS, SWAAT, and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
253268f4cfd6a3216f6fd69cf40629e0fb8195095d9321238364444ed5acab0f