Joomla content and bch components suffer from a remote shell upload vulnerability.
156fb5eff2ac666b061fdfd50d6fe3735cdc4a5d9a794a7e07a40893f427c5d2CubeCart versions 4.4.6 and below suffer from a local file inclusion vulnerability.
cd09ebac1ebc0cdb12f3fcb26cfca9b777d59682b2ce8d5df2bc51319446fa7cCubeCart versions 4.4.6 and below suffer from a remote SQL injection vulnerability.
fb5ba9da5f00ec1224adc14fd7e0304f4b96af9244451539363f329a3b84a376This is an exploit for W3 Total Cache called W3 Total Fail that works by attempting to guess SQL queries that might contain important password hashes.
2e978aeab0aad073084fa3c762212c6feb62f882be9a85f79fe5a5effb151596Netransfers version 2.1 suffers from cross site scripting, local file inclusion, and directory traversal vulnerabilities.
4a183785cbb8438b9e8db953fad2c66c40daf05a1747e1cd0cd5ce9b73bfadfbThis exploits abuses an argument injection in the PHP-CGI wrapper to execute code as the PHP user/webserver user.
3eec4f2609dbad6e788f030ac2d9d162c3f1d0f995cfc76d077850a4c0c1bcdcCubeCart versions 4.4.6 and below suffer from multiple cross site scripting vulnerabilities.
f613b5f3755c80ea590bd86c890a7bd417c277d38c83a86e047147dac23898aeCubeCart versions 4.4.6 and below suffer from a cross site request forgery vulnerability.
9786b4b6388152d345c9bc99106204e26c2db4b2c8ca67174d1c41d337766b31MyBB AwayList plugin suffers from a remote SQL injection vulnerability.
390090953d05358a08a89247468e6744125a4582dc4426263307b48b6e30859bCubeCart versions 5.0.7 and below suffer from an open URL redirection vulnerability.
8088fcda724250b29531d595f138b2830fad68d83d0ecedc036310b40a01a8bdCubeCart versions 4.4.6 and below suffer from an open URL redirection vulnerability.
2155a336ea5b466547cbd01cc22b43133122aa3dc4f50f21da60e598c5aa3acbMultiple WordPress themes by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
b64d5ae444d8cc1bf39555f4b065ea716c63e9ea02efe5949842af75d06a8ff8This Metasploit module an arbitrary file upload and code execution vulnerability in Uploadify.
a6f12738518c4ce18f38b79ba62f721ae6a586c334e491f20b73787b6ac9b356Feindura CMS version 2.0.4 suffers from a remote PHP shell upload vulnerability.
ecdc36ddddd1f08e0556a367db6dfb88df06cfe8bcf67905c47bfa7040e0a29bCity Directory Review and Rating Script suffers from a remote SQL injection vulnerability.
e903209e8cf91c1e8901d8dd58f98e226a25cc15bdb2b9838747f89b94e938aaThis Metasploit module can be used to crawl MS SQL Server database links and deploy Metasploit payloads through links configured with sysadmin privileges using a valid SQL Server Login. If you are attempting to obtain multiple reverse shells using this module we recommend setting the "DisablePayloadHandler" advanced option to "true", and setting up a multi/handler to run in the background as a job to support multiple incoming shells. If you are interested in deploying payloads to specific servers this module also supports that functionality via the "DEPLOYLIST" option. Currently, the module is capable of delivering payloads to both 32bit and 64bit Windows systems via powershell memory injection methods based on Matthew Graeber's work. As a result, the target server must have powershell installed. By default, all of the crawl information is saved to a CSV formatted log file and MSF loot so that the tool can also be used for auditing without deploying payloads.
aec25e86c630aebbe81223e53debe36871fbbe2494ff15b49410d725b1a9770cThis Metasploit modules exploits a command injection vulnerability in the URL handler for for the IBM Lotus Notes Client <= 8.5.3. The registered handler can be abused with an specially crafted notes:// URL to execute arbitrary commands with also arbitrary arguments. This Metasploit module has been tested successfully on Windows XP SP3 with IE8, Google Chrome 23.0.1271.97 m and IBM Lotus Notes Client 8.5.2.
7a3b0f8cdedb3c1112e263b6a63066bb8c62253df93e1569505b5ae265a933a9This Metasploit module exploits a vulnerability found in Netwin SurgeFTP, version 23c8 or prior. In order to execute commands via the FTP service, please note that you must have a valid credential to the web-based administrative console.
d2cfc6fc7d86461f770fda0e4daee3857ea9a4952d95f4921e2a9e92c4b23c57This Metasploit module exploits a vulnerability found in WP-Property <= 1.35.0 WordPress plugin. By abusing the uploadify.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
4dee1bdd031612bb43cd354c2c2c0169a80a8ac8b06c72612651dcb736f31e37This Metasploit module exploits a vulnerability in the MAKETEXT Foswiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since the input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. Only Foswiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set) are vulnerable. If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the FoswikiPage option isn't provided, the module will try to create a random page on the SandBox space. The modules has been tested successfully on Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware image.
1dfa323fc74f3423aec71ecc1cde0b04c26eea7a42d6702fc3d9df74654857c2This Metasploit module exploits a vulnerability in the MAKETEXT Twiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since user input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. This works in TWiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set). If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the 'TwikiPage' option isn't provided, the module will try to create a random page on the SandBox space. The modules has been tested successfully on TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.
6a462fdc51b0c493b941a326fd05e71eb12bf8bedb39c652d6c549a65bf5b2d5C-Panel suffers from a reflective cross site scripting vulnerability in manage.html.
d82a4bc494fbe2f073497ffcfd9405e156889169ee06e1d1c9ea615a5598b3c9Buradadir suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
a81f66d67250817c483cd3d1c73fb07af4c3006d6134501549274bc6a8a4d8c6CubeCart version 3.0.20 suffers from multiple remote SQL injection vulnerabilities.
fc7850e6e21a2032ad53e445d442097fd1c307a1e013f02a32be1ba3086dedf5CubeCart versions 3.0.20 and below suffer from a remote shell upload vulnerability.
5a4b36cf177e335df069f18ff50a86a8c47e2a1d3366c93ee123d70335c68349
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed