Joomla content and bch components suffer from a remote shell upload vulnerability.
156fb5eff2ac666b061fdfd50d6fe3735cdc4a5d9a794a7e07a40893f427c5d2
CubeCart versions 4.4.6 and below suffer from a local file inclusion vulnerability.
cd09ebac1ebc0cdb12f3fcb26cfca9b777d59682b2ce8d5df2bc51319446fa7c
CubeCart versions 4.4.6 and below suffer from a remote SQL injection vulnerability.
fb5ba9da5f00ec1224adc14fd7e0304f4b96af9244451539363f329a3b84a376
This is an exploit for W3 Total Cache called W3 Total Fail that works by attempting to guess SQL queries that might contain important password hashes.
2e978aeab0aad073084fa3c762212c6feb62f882be9a85f79fe5a5effb151596
Netransfers version 2.1 suffers from cross site scripting, local file inclusion, and directory traversal vulnerabilities.
4a183785cbb8438b9e8db953fad2c66c40daf05a1747e1cd0cd5ce9b73bfadfb
This exploit abuses an argument injection in the PHP-CGI wrapper to execute code as the PHP user/webserver user.
3eec4f2609dbad6e788f030ac2d9d162c3f1d0f995cfc76d077850a4c0c1bcdc
CubeCart versions 4.4.6 and below suffer from multiple cross site scripting vulnerabilities.
f613b5f3755c80ea590bd86c890a7bd417c277d38c83a86e047147dac23898ae
CubeCart versions 4.4.6 and below suffer from a cross site request forgery vulnerability.
9786b4b6388152d345c9bc99106204e26c2db4b2c8ca67174d1c41d337766b31
MyBB AwayList plugin suffers from a remote SQL injection vulnerability.
390090953d05358a08a89247468e6744125a4582dc4426263307b48b6e30859b
CubeCart versions 5.0.7 and below suffer from an open URL redirection vulnerability.
8088fcda724250b29531d595f138b2830fad68d83d0ecedc036310b40a01a8bd
CubeCart versions 4.4.6 and below suffer from an open URL redirection vulnerability.
2155a336ea5b466547cbd01cc22b43133122aa3dc4f50f21da60e598c5aa3acb
Multiple WordPress themes by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
b64d5ae444d8cc1bf39555f4b065ea716c63e9ea02efe5949842af75d06a8ff8
This Metasploit module exploits an arbitrary file upload and code execution vulnerability in Uploadify.
a6f12738518c4ce18f38b79ba62f721ae6a586c334e491f20b73787b6ac9b356
Feindura CMS version 2.0.4 suffers from a remote PHP shell upload vulnerability.
ecdc36ddddd1f08e0556a367db6dfb88df06cfe8bcf67905c47bfa7040e0a29b
City Directory Review and Rating Script suffers from a remote SQL injection vulnerability.
e903209e8cf91c1e8901d8dd58f98e226a25cc15bdb2b9838747f89b94e938aa
This Metasploit module can be used to crawl MS SQL Server database links and deploy Metasploit payloads through links configured with sysadmin privileges using a valid SQL Server Login. If you are attempting to obtain multiple reverse shells using this module, we recommend setting the "DisablePayloadHandler" advanced option to "true" and setting up a multi/handler to run in the background as a job to support multiple incoming shells. If you are interested in deploying payloads to specific servers, this module also supports that functionality via the "DEPLOYLIST" option. Currently, the module is capable of delivering payloads to both 32-bit and 64-bit Windows systems via PowerShell memory injection methods based on Matthew Graeber's work. As a result, the target server must have PowerShell installed. By default, all of the crawl information is saved to a CSV formatted log file and MSF loot so that the tool can also be used for auditing without deploying payloads.
aec25e86c630aebbe81223e53debe36871fbbe2494ff15b49410d725b1a9770c
This Metasploit module exploits a command injection vulnerability in the URL handler for the IBM Lotus Notes Client <= 8.5.3. The registered handler can be abused with a specially crafted notes:// URL to execute arbitrary commands with arbitrary arguments. This Metasploit module has been tested successfully on Windows XP SP3 with IE8, Google Chrome 23.0.1271.97 m and IBM Lotus Notes Client 8.5.2.
7a3b0f8cdedb3c1112e263b6a63066bb8c62253df93e1569505b5ae265a933a9
This Metasploit module exploits a vulnerability found in Netwin SurgeFTP, version 23c8 or prior. In order to execute commands via the FTP service, please note that you must have a valid credential to the web-based administrative console.
d2cfc6fc7d86461f770fda0e4daee3857ea9a4952d95f4921e2a9e92c4b23c57
This Metasploit module exploits a vulnerability found in WP-Property <= 1.35.0 WordPress plugin. By abusing the uploadify.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution.
4dee1bdd031612bb43cd354c2c2c0169a80a8ac8b06c72612651dcb736f31e37
This Metasploit module exploits a vulnerability in the MAKETEXT Foswiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since the input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. Only Foswiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set) are vulnerable. If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the FoswikiPage option isn't provided, the module will try to create a random page on the SandBox space. The module has been tested successfully on Foswiki 1.1.5 as distributed with the official Foswiki-1.1.5-vmware image.
1dfa323fc74f3423aec71ecc1cde0b04c26eea7a42d6702fc3d9df74654857c2
This Metasploit module exploits a vulnerability in the MAKETEXT TWiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since user input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. This works in TWiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set). If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the 'TwikiPage' option isn't provided, the module will try to create a random page on the SandBox space. The module has been tested successfully on TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.
6a462fdc51b0c493b941a326fd05e71eb12bf8bedb39c652d6c549a65bf5b2d5
C-Panel suffers from a reflective cross site scripting vulnerability in manage.html.
d82a4bc494fbe2f073497ffcfd9405e156889169ee06e1d1c9ea615a5598b3c9
Buradadir suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
a81f66d67250817c483cd3d1c73fb07af4c3006d6134501549274bc6a8a4d8c6
CubeCart version 3.0.20 suffers from multiple remote SQL injection vulnerabilities.
fc7850e6e21a2032ad53e445d442097fd1c307a1e013f02a32be1ba3086dedf5
CubeCart versions 3.0.20 and below suffer from a remote shell upload vulnerability.
5a4b36cf177e335df069f18ff50a86a8c47e2a1d3366c93ee123d70335c68349