This Metasploit module exploits a vulnerability in phpMyAdmin's setup feature which allows an attacker to inject arbitrary PHP code into a configuration file. The original advisory says the vulnerability is present in phpMyAdmin versions 2.11.x < 2.11.9.5 and 3.x < 3.1.3.1; this module was tested on 3.0.1.1. The file where our payload is written (phpMyAdmin/config/config.inc.php) is not directly used by the system, so it may be a good idea to either delete it or copy the running config (phpMyAdmin/config.inc.php) over it after successful exploitation.
c6dcd3c567ac45d96e97a2bc40e1b5ef02017edab7e4eb3995b6fbcd852cad26
The QuickTime Streaming Server contains a CGI script that is vulnerable to metacharacter injection, allowing arbitrary commands to be executed as root.
87169439514fb0afb74e3cd42e5f97a61ab10eb7cfb959af7b8efa2b61313896
This Metasploit module exploits various PHP include vulnerabilities.
e357d04e020edf1f4d458c10f229063fd076425a03411ffdd5eba7edcc75455a
This Metasploit module exploits a metacharacter injection vulnerability in the FreeBSD and Solaris versions of the Zabbix agent. This flaw can only be exploited if the attacker can hijack the IP address of an authorized server (as defined in the configuration file).
e5f0f890d82d1ebacd0b8289ec44368a0492b00a6c37a1e9b2d6510aaa02d3da
K-Rate suffers from a remote SQL injection vulnerability in view.php.
aa1c01b4102a6516af200a3259b76ab9569c1d5af7900235a4e7a2eb8e293581
UranyumSoft Ylan Servisi suffers from a remote database disclosure vulnerability.
a35779d7d59444546e8f0c2a617d9f2465f76cb92425e710429f0a4b75aeb3b1
WingFTP version 3.2.4 suffers from a cross site request forgery vulnerability.
b59dc9a226776116ef463203bc6f45c9546d3061b923e74c7c8abc66701ec2a8
Opera 10.10 suffers from a simple status bar obfuscation vulnerability.
f62aceb7f0da2b92830284cb98a0f7d2e4ff89322384310aa3aabf9c1b30f181
The Joomla RD Download component suffers from a local file disclosure vulnerability.
5705c7f19c549aa257c56f2ef4fc27d8b316fae0eeb3d107a542408ce399787b
The Joomla Airmonoblock component suffers from a remote blind SQL injection vulnerability.
9a580206568c9ac0ee5600419251364646fedcf3bb8526f77d97a402300e03ca
My Book World Edition NAS suffers from remote command execution and cross site scripting vulnerabilities.
03996dc15cc7b4484adfb2f56f2af911023b0cee66da42b3abab4cafce908e78
RoseOnlineCMS versions 3 B1 and below suffer from a local file inclusion vulnerability.
2ede8b833493781a7bd20f0019ca7d0f1fd2e6203bc5fdb51d00e99f193694b9
I-Rater basic suffers from a remote shell upload vulnerability.
bca6fd53c061c6d5dfac064fce00a061cf5e9cdaac310c0e43ee8adf8844d0c4
PicMe version 2.1.0 suffers from a cross site scripting vulnerability.
02c7a6d64b3897c3efc19d594ca6cfd70d4f41087373b30dcc426bbe0f1268ea
The Mambo View Full Listing component suffers from a remote SQL injection vulnerability.
71173e2299013ab9d9d5b0a0b5b0612b624c32ba5aafb813f1fc93ed90a38e13
Diesel Job Site version 1.4 suffers from remote file inclusion, cross site scripting, and bypass vulnerabilities.
006aaae6c4f97408cd52fc12f42ef7dd86bc3bdfaf031b85130c69723dcad704
I-Escorts Directory suffers from a remote SQL injection vulnerability in country_escorts.php.
2c3fbe5c2e0d04e2045703f6e389a6a339e1bcc094e3494fd1a5109e61b6fc84
PicMe version 2.1.0 suffers from a remote shell upload vulnerability.
c5c948d81fbe80799301fc4d2abf4002ccb5e256ea5c1339b603cd51ab659dfe
UBB.Threads version 6 suffers from remote file inclusion vulnerabilities.
44fa364fc2aff7931dcb4e2dc7009193c46ace8dd9300b83984741e109f67ae7
The Joomla StaticXT component suffers from a cross site scripting vulnerability.
8415966f3132f701db2aab0e8fbb499743b7d9d685c4cae3427754a874ede4be
Scribd.com suffers from a cross site scripting vulnerability.
bd5d2cfc9f4b19ce0fc010fbf196df43f94ffc03cfd5fd3d164b9136fc5c0fc3
Netragard, L.L.C Advisory - Mac OS X Java Runtime suffers from buffer overflows that allow for remote code execution.
b4e62b2f700ce3815f78c1991849fbb9ad953a16a199be95b8d4740f1b5ad9a7
B2B eCommerce suffers from a remote SQL injection vulnerability.
331e052b32904169d70331b34a3ee666ee89661f4b2ba4fd74afa8b9ec7a76aa
The Joomla KKContent component suffers from a remote blind SQL injection vulnerability.
90883c02ab52665255793f86e347d8a1ac97fbd13f02e886fd3632c6b601f753
Despe FreeCell suffers from a cross site scripting vulnerability.
4381d2c342bc4d4b0fc54c236f8d27d60b02fa9826a86c9a662b3163b2783955