This Metasploit module exploits a buffer overflow within the CA Unified Infrastructure Management nimcontroller. The vulnerability occurs in the robot (controller) component when sending a specially crafted directory_list probe. Technically speaking, the target host must also be vulnerable to CVE-2020-8010 in order to reach the directory_list probe.
e8a39681b3226039c089f38664d93db9e42e085ada3d1e0f014237aa468bd3c9
Nimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability.
af11c437e4fa8db83e925757e69120962101fbd14f8be2758c3b44f0506921c0
CA Technologies, A Broadcom Company, is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM). Multiple vulnerabilities exist that can allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. The first vulnerability, CVE-2020-8010, occurs due to improper ACL handling. A remote attacker can execute commands, read from, or write to the target system. The second vulnerability, CVE-2020-8011, occurs due to a null pointer dereference. A remote attacker can crash the Controller service. The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow vulnerability in the Controller service. A remote attacker can execute arbitrary code.
091817c9084bf974c8447837781753ec3e99d5062faa76769b21604190b2d347
Jenkins plugins Script Security version 1.49, Declarative version 1.3.4, and Groovy version 2.60 suffer from a code execution vulnerability.
1464739307633b75e322eb2e0907ec7933ce2f124fc0c0718f3077cf93613a62
The Erlang port mapper daemon is used to coordinate distributed Erlang instances. Should an attacker get the authentication cookie, remote code execution is trivial. Usually, this cookie is named ".erlang.cookie", and its location varies.
8fd12f434db46fa81ba8c0025bc071fdc803952e508bc82dad352cbf0212aadb
DELL EMC OneFS Storage Administration version 8.1.2.0 .zshrc file overwrite exploit that leverages FTP.
3b5b17812f3f44778999e90517867030ff0029783f64223e7500beac11d514de
Allok AVI DivX MPEG to DVD Converter version 2.6.1217 SEH buffer overflow exploit.
10cb1ff3a28e0cb89a06e8afc8f73f3cf9e515e5c7f4804485d5e3b9d7c11a61
pfSense, a free, BSD-based open source firewall distribution, versions 2.2.6 and below contain a post-authentication remote command execution vulnerability in the _rrd_graph_img.php page. The vulnerability occurs via the graph GET parameter. A non-administrative authenticated attacker can inject arbitrary operating system commands and execute them as the root user. Verified against 2.1.3.
356649d9c2f36292416d035a36aa1b87ba078c2559b4b41b29fff647aca29fbd
LabF nfsAxe FTP Client version 3.7 buffer overflow exploit with DEP bypass.
e3b7e873de41c601f0570fa9461555c0d13f640f7cb444a1e3a53fc26c98cddf
VXSearch version 10.2.14 local SEH buffer overflow exploit that binds a shell to port 1337.
78167a68357a09d5d18a1d5da9c83a989c6a6d51e521078b35a9c0f582437a65
There exists an unauthenticated SEH-based vulnerability in the HTTP server of Sync Breeze Enterprise version 10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. The SEH record is overwritten with a "POP,POP,RET" pointer from the application library libspp.dll. This exploit has been successfully tested on Windows XP, 7 and 10 (x86->x64). It should work against all versions of Windows and service packs.
cd660cfe17078fd46a1bde16db1b2e75840ec80024327923f3e6be7f8c826dfd
Sync Breeze Enterprise version 10.1.16 GET request SEH overflow exploit.
ec771f88550b94bbe9cfabcdcf4db2ad8e3d37f026bd35777f5551bc63ec5a8e
97-byte Linux/x86 reverse TCP shell shellcode with no NULLs.
6801867647c5ecbb5ecf15fe7b1a8a49fcccea11b3d22d816db0d2b742be766c
75-byte Linux/x86 shellcode that binds a shell to port 4444. Contains no NULLs.
d53564a1b5086ca9438ce3b8d47f4ecf791f83665b4a94bb8208f3045bba4d87