• HP Intelligent Management Java Deserialization RCE
    Disclosure Date: 2017-10-03
    First seen: 2020-04-26
    exploit/windows/http/hp_imc_java_deserialize
    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP ports 8080 and 8443 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Authors: - Steven Seeley (mr_me) of Offensive Security - Carsten <Carsten @MaartmannMoe / cmm@transcendentgroup.com>
  • HPE iMC dbman RestartDB Unauthenticated RCE
    Disclosure Date: 2017-05-15
    First seen: 2020-04-26
    exploit/windows/misc/hp_imc_dbman_restartdb_unauth_rce
    This module exploits a remote command execution vulnerablity in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restart a user-specified database instance (OpCode 10008), however the instance ID is not sanitized, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN). Authors: - sztivi - Chris Lyne - bcoles <bcoles@gmail.com>
  • HPE iMC dbman RestoreDBase Unauthenticated RCE
    Disclosure Date: 2017-05-15
    First seen: 2020-04-26
    exploit/windows/misc/hp_imc_dbman_restoredbase_unauth_rce
    This module exploits a remote command execution vulnerablity in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database (OpCode 10007), however the database connection username is not sanitized resulting in command injection, allowing execution of arbitrary operating system commands as SYSTEM. This service listens on TCP port 2810 by default. This module has been tested successfully on iMC PLAT v7.2 (E0403) on Windows 7 SP1 (EN). Authors: - sztivi - Chris Lyne - bcoles <bcoles@gmail.com>
3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!