This Metasploit module exploits improper input sanitization in SpamTitan versions 7.01, 7.02, 7.03 and 7.07 to inject command directives into the SNMP configuration file and gain remote code execution as root. Note that only version 7.03 requires authentication; versions 7.01, 7.02 and 7.07 require none.
cc011f3d97e6e780eac9a8ecaf045f486a51374234b82311aea352d9a57efef0
SpamTitan version 7.07 suffers from an unauthenticated remote code execution vulnerability in snmp-x.php.
46511399bed0e9da7c7e842465a1d68fcec18943d583bc702307a069fc3d4fa3
SpamTitan version 7.07 suffers from an authenticated remote code execution vulnerability.
4234f62e0c44c2e3dad423c5cc769129588ffafbed80a16f8610281916cc3da9
ManageEngine Service Desk version 10.0 suffers from a cross site scripting vulnerability.
469e92a043840addd4c43d4eb114c7ef988c00069a831c8b52bc518e495ec1e9
WordPress XCloner plugin versions 3.1.5 and below suffer from remote command execution and denial of service vulnerabilities.
c4adc46421e9ec345a0a8073a2bf4641c876bfa11c86f2671926c405a99cdeab
WordPress Memphis Document Library plugin version 3.1.5 suffers from an arbitrary file download vulnerability.
b72346b0c1735575621f6102ef6ef9845d42644148787b3ded9d0b7bddc09cb7
WordPress Freshmail plugin versions 1.5.8 and below suffer from multiple remote SQL injection vulnerabilities.
ecaa20fa237cb0a8aa083981c48b64cc3785f441002a277f54d0ce324677ced0
WordPress Ultimate Product Catalogue plugin versions 3.1.2 and below suffer from multiple remote SQL injection vulnerabilities.
a02ef720dd359a3d52d92fb498b5e55a1386cf0896a4bf4b869dc635ad52f563
WordPress Ultimate Product Catalogue plugin version 3.1.2 suffers from cross site request forgery, cross site scripting, and file upload vulnerabilities.
4904e671aa6eff5340a6349f8597bed6a49cb0e9bdf1e5db158931aa95913c4d
Conceptronic camera CIPCAMPTIWL with firmware 21.37.2.49 suffers from a cross site request forgery vulnerability.
c936953abc9b003cdedd3e88f2c0d79e0d4917e23725676c6212ee65de3ad7d4