Full title: Watchguard XCS Remote Command Execution Exploit 
Category: remote exploits
Platform: bsd
This Metasploit module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other hand, a vulnerability in the web interface allows the attacker to inject operating system commands as the 'nobody' user.

# 0day.today @ http://0day.today/