xort

22 exploits, active since Oct 2005
CVE-2009-0658 METASPLOIT HIGH ruby WORKING POC
Adobe Reader <9.0 - Buffer Overflow
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
CVSS 7.8
CVE-2009-0658 METASPLOIT HIGH ruby WORKING POC
Adobe Reader <9.0 - Buffer Overflow
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
CVSS 7.8
CVE-2005-3252 EXPLOITDB c WORKING POC
Snort - Stack-based Buffer Overflow via Back Orifice Preprocessor
Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
CVE-2009-0658 EXPLOITDB HIGH ruby WORKING POC
Adobe Reader <9.0 - Buffer Overflow
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
CVSS 7.8
CVE-2009-0658 EXPLOITDB HIGH ruby WORKING POC
Adobe Reader <9.0 - Buffer Overflow
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
CVSS 7.8
CVE-2016-9553 EXPLOITDB HIGH ruby WORKING POC
Sophos Web Appliance 4.2.1.3 - Authenticated Remote Command Injection via MgrReport.php
The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. The Sophos ID is NSWA-1258.
CVSS 7.2
CVE-2016-9554 EXPLOITDB HIGH ruby WORKING POC
Sophos Web Appliance 4.2.1.3 - Remote Command Injection via MgrDiagnosticTools.php URL Parameter
The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. The command that calls to that vulnerable page (passed in the 'section' parameter) is: 'configuration'. Exploitation of this vulnerability yields shell access to the remote machine under the 'spiderman' user account.
CVSS 7.2
EIP-2026-103076 EXPLOITDB ruby WORKING POC
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit)
EIP-2026-103074 EXPLOITDB ruby WORKING POC
Barracuda Firmware 5.0.0.012 - (Authenticated) Remote Command Execution (Metasploit)
EIP-2026-103075 EXPLOITDB ruby WORKING POC
Barracuda Spam & Virus Firewall 5.1.3.007 - Remote Command Execution (Metasploit)
EIP-2026-103077 EXPLOITDB ruby WORKING POC
Barracuda Web App Firewall 8.0.1.007/Load Balancer 5.4.0.004 - Remote Command Execution (Metasploit)
EIP-2026-103078 EXPLOITDB ruby WORKING POC
Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - (Authenticated) Remote Command Execution (Metasploit) (3)
EIP-2026-103079 EXPLOITDB ruby WORKING POC
Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit)
CVE-2017-6182 EXPLOITDB CRITICAL ruby WORKING POC
Sophos Web Appliance < 4.3.1.2 - Remote Command Injection via Report Generation Functions
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.
CVSS 9.8
CVE-2017-6320 EXPLOITDB HIGH ruby WORKING POC
Barracuda Load Balancer ADC < 6.0.1.006 - Authenticated OS Command Injection via delete_assessment Command
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued.
CVSS 8.8
CVE-2016-9684 EXPLOITDB CRITICAL ruby WORKING POC
SonicWall Secure Remote Access Server 8.1.0.2-14sv - Remote Command Injection via viewcert CGI
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.
CVSS 9.8
CVE-2016-9683 EXPLOITDB CRITICAL ruby WORKING POC
SonicWall Secure Remote Access Server 8.1.0.2-14sv - Remote Command Injection
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195.
CVSS 9.8
EIP-2026-100900 EXPLOITDB ruby WORKING POC
Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)
EIP-2026-100901 EXPLOITDB ruby WORKING POC
Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit)
CVE-2017-6316 EXPLOITDB CRITICAL ruby WORKING POC
Citrix NetScaler SD-WAN <v9.1.2.26.561201 - Command Injection
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
CVSS 9.8
CVE-2016-9682 EXPLOITDB CRITICAL text WORKING POC
SonicWall Secure Remote Access Server 8.1.0.2-14sv - Remote Command Injection via Diagnostics CGI
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.
CVSS 9.8
CVE-2017-6316 EXPLOITDB CRITICAL text WORKING POC
Citrix NetScaler SD-WAN <v9.1.2.26.561201 - Command Injection
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
CVSS 9.8