CVE-2014-4872

Related Files

BMC / Numara Track-It! Domain Administrator and SQL Server User Password Disclosure

Posted Aug 31, 2024

Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an unauthenticated configuration retrieval .NET remoting service in Numara / BMC Track-It! v9 to v11.X, which can be abused to retrieve the Domain Administrator and the SQL server user credentials. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143 and 9.0.30.248.

tags | exploit

advisories | CVE-2014-4872

SHA-256 | c4393d13ad749aa7034ef30f6397d0ec4a5b81ec900725fcf1389deef93b9f50

Download | Favorite | View

Numara / BMC Track-It! FileStorageService Arbitrary File Upload

Posted Oct 21, 2014

Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 (9004 for version 8) which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary code execution as NETWORK SERVICE or SYSTEM. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51.

tags | exploit, web, arbitrary, root, code execution, asp, file upload

advisories | CVE-2014-4872

SHA-256 | 95061f597110575d12518dbaad93354d7acf1c2eabf6a59fdfcc9c6bc66fdd45

Download | Favorite | View

BMC Track-it! Remote Code Execution / SQL Injection

Posted Oct 8, 2014

Authored by Pedro Ribeiro

BMC Track-it! suffers from code execution, arbitrary file download, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, sql injection

advisories | CVE-2014-4872, CVE-2014-4873, CVE-2014-4874

SHA-256 | 424ad45a542a874674f55fda959776d2554f26182771fb01a177badef46cb578

Download | Favorite | View