Published: 29/08/2014 Updated: 29/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

vmtadmin.cgi in VMTurbo Operations Manager prior to 4.6 build 28657 allows remote malicious users to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmturbo operations manager
vmturbo operations manager 4.5
vmturbo operations manager 4.0

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager include Msf::Exploit::EXE def initialize ...

Security Advisories and Researches

Advisories Security advisories I've published in the latest years VMTurbo Operations Remote Command Execution VMTurbo Operations Manager appliance can be exploited by an unauthenticated attacker to execute unauthenticated arbitrary remote commands 25-07-2014 | CVE-2014-5073 | Original advisory | Advisory details | Metasploit Module | Status: Fixed in 46-28657 Moodle XSS

NVD-CWE-Other http://packetstormsecurity.com/files/127864/VMTurbo-Operations-Manager-4.6-vmtadmin.cgi-Remote-Command-Execution.html http://www.exploit-db.com/exploits/34335 http://secunia.com/advisories/58880 http://secunia.com/secunia_research/2014-8/http://www.osvdb.org/109572 http://disse.cting.org/2014/07/30/vmturbo-operation-manager-remote-command-execution/http://www.securityfocus.com/bid/69225 https://exchange.xforce.ibmcloud.com/vulnerabilities/95319 https://nvd.nist.gov https://github.com/epinna/researches https://www.exploit-db.com/exploits/34335/

CVE-2014-5073

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect