header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Media Library Assistant WordPress Plugin – RCE and LFI

Media Library Assistant Wordpress Plugin in version < 3.10 is affected by an unauthenticated remote reference to Imagick() conversion which allows attacker to perform LFI and RCE depending on the Imagick configuration on the remote server. The affected page is: wp-content/plugins/media-library-assistant/includes/mla-stream-image.php

Ruijie Reyee Wireless Router firmware version B11P204 – MITM Remote Code Execution (RCE)

The Ruijie Reyee Cloud Web Controller allows the user to use a diagnostic tool which includes a ping check to ensure connection to the intended network, but the ip address input form is not validated properly and allows the user to perform OS command injection. In other side, Ruijie Reyee Cloud based Device will make polling request to Ruijie Reyee CWMP server to ask if there's any command from web controller need to be executed. After analyze the network capture that come from the device, the connection for pooling request to Ruijie Reyee CWMP server is unencrypted HTTP request. Because of unencrypted HTTP request that come from Ruijie Reyee Cloud based Device, attacker could make fake server using Man-in-The-Middle (MiTM) attack and send arbitrary commands to execute on the cloud based device that make CWMP request to fake server. Once the attacker have gained access, they can execute arbitrary commands on the system or application, potentially compromising sensitive data, installing malware, or taking control of the system.

HP Data Protector EXEC_INTEGUTIL Remote Code Execution

This exploit abuses a vulnerability in the HP Data Protector. The vulnerability exists in the Backup client service, which listens by default on TCP/5555. The EXEC_INTEGUTIL request allows to execute arbitrary commands from a restricted directory. Since it includes a perl executable, it's possible to use an EXEC_INTEGUTIL packet to execute arbitrary code. On linux targets, the perl binary isn't on the restricted directory, but an EXEC_BAR packet can be used to access the perl binary, even in the last version of HP Data Protector for linux. This module has been tested successfully on HP Data Protector 9 over Windows 2008 R2 64 bits and CentOS 6 64 bits.

Recent Exploits: