The module exploits a path traversal via Jetdirect to gain arbitrary code execution by writing a shell script to /etc/profile.d, where it is loaded on startup. Then, the printer is restarted using SNMP. Impacted printers: HP PageWide Managed MFP P57750dw, HP PageWide Managed P55250dw, HP PageWide Pro MFP 577z, HP PageWide Pro 552dw, HP PageWide Pro MFP 577dw, HP PageWide Pro MFP 477dw, HP PageWide Pro 452dw, HP PageWide Pro MFP 477dn, HP PageWide Pro 452dn, HP PageWide MFP 377dw, HP PageWide 352dw, HP OfficeJet Pro 8730 All-in-One Printer, HP OfficeJet Pro 8740 All-in-One Printer, HP OfficeJet Pro 8210 Printer, HP OfficeJet Pro 8216 Printer, HP OfficeJet Pro 8218 Printer. Please read the module documentation regarding the possibility of leaving an unauthenticated telnetd service running as a side effect of this exploit.
A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windows on Electron versions (3.0.0-beta.6, 2.0.7, 1.8.7, and 1.7.15). This vulnerability has been assigned the CVE identifier CVE-2018-15685.
The following request allows a user to read any file on the system:
    GET /filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd HTTP/1.1
    Host: 192.168.5.129
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.5.129/filemanager/dialog.php?type=0&popup=1
    X-Requested-With: XMLHttpRequest
    Cookie: last_position=%2F; PHPSESSID=na248cef3f937mtql67dvu8fk5
    Connection: close
Seagate Personal Cloud is a consumer-grade Network-Attached Storage device (NAS). It was found that Seagate Media Server is affected by multiple SQL injection vulnerabilities. An unauthenticated attacker can exploit this issue to retrieve or modify arbitrary data in the database used by Seagate Media Server. Seagate Media Server uses a separate SQLite3 database, which limits what the attacker can do with this issue.
Sentrifugo HRMS version 3.2 and possibly earlier versions are affected by a blind SQL injection in the deptid parameter of POST requests to the '/index.php/servicedeskconf/getemployees/format/html' resource. This allows a user of the application without permissions to read sensitive information from the database used by the application.
A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in the RICOH MP C4504ex printer. Low-privilege users are able to create administrator accounts.
The Struts2 Remote Code Execution Vulnerability is a vulnerability in Apache Struts2 that allows an attacker to execute arbitrary code on the server. This exploit uses a malicious OGNL expression to execute arbitrary commands on the server. It is triggered when the vulnerable application receives a request containing the malicious OGNL expression.
struts-pwn is a Python script to exploit the Apache Struts CVE-2018-11776 vulnerability. It can be used to check a single URL or a list of URLs for the vulnerability and also to exploit the vulnerability.
An issue was discovered in Firefox 55.0.3 in which an attacker can create a webpage containing a JavaScript payload that crashes the user's browser or puts the user in a non-responsive state.
Zoho ManageEngine ADManager Plus 6.5.7 allows XSS on the 'Workflow Delegation' 'Requesters' screen.