This Metasploit module exploits an unauthenticated directory traversal vulnerability which exists in TVT network surveillance management software-1000 version 3.4.1. NVMS listens by default on port 80.
d3404986603602d4077e3d8aaa33e60ff8d0b2719ff6ca6dd8886495eda22f7d
MasterStudy LMS, a WordPress plugin, prior to 2.7.6 is affected by a privilege escalation where an unauthenticated user is able to create an administrator account for wordpress itself.
278defc13ab82ac5e7aef75ef7a23960a66a3d65cd95657499f6fbfcae4bcf38
Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.
00cb85e5ab25f2d5091aa8c72d9d5252d08919dce9dbd37743bea7469e5dbc51
Control Web Panel 7 versions prior to 0.9.8.1147 suffer from an unauthenticated remote code execution vulnerability.
698ef6e35dc8ca09f1857de4c6b56f25be500ed741ecd49ee2cd7f5d8dbf30ef
WordPress MasterStudy LMS plugin version 2.7.5 suffers from a missing access control allowing an unauthenticated party the ability to create an administrative account.
a3a490fa31272315dc3b33abac3a970e548d08d2ce2376d9748f5e401a62604f
Usermin version 1.820 authenticated remote code execution exploit.
1269514ec09dd065b78ba3dc999b0430fa4c0a9cedd960a589ba52d447a070a5
ZesleCP version 3.1.9 authenticated remote code execution exploit.
13dc036088e14a3dceb02f4bb93c56fa35609cd89f5f254b27c676047a24cb78
CyberPanel version 2.1 authenticated remote code execution exploit.
09cef76696c3f322663bcaedb3554377b61ecaadf24c49140593ee2a871b9d80
VestaCP version 0.9.8 suffers from a command injection vulnerability.
938b6d6c27f61c9809c0637869f486e2fe7cb522a5ec286367a8f2f9bb53eebb
Hestia Control Panel version 1.3.2 suffers from an arbitrary file write vulnerability.
8b07c29d22da704987a057fc57eda3059e580a1bc74f3d39dc736521084796f9
VestaCP version 0.9.8 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting was discovered in this version in February of 2016 by Necmettin COSKUN.
936b7288bed9dcf93c8a516f91cad5a07fbe2daf994ea79501c73aef2e6153aa
YetiShare File Hosting Script version 5.1.0 suffers from a server-side request forgery vulnerability.
267963706eb600892bf78eae10349bea0978bddee0ad4d5e7923f6769861288d
This Metasploit module exploits a vulnerability in LinuxKI Toolset versions 6.01 and below which allows remote code execution. The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in the security vulnerability.
fd9d232691fc54e620006cc480b1bc31a3d0a9f3015b5ff23f6b2af4b02b0a6e
NVMS-1000 suffers from a directory traversal vulnerability.
f1c11abd36b12a347c4f48a04a3556a2af087fcd5951ff65d04144b4ddf23398
Bullwark Momentum Series JAWS version 1.0 suffers from a directory traversal vulnerability.
812ea067f8411484fcca9fa042d4db7bb3aaad1b2fbd3bcfba9f99c82a72d77e
Crystal Live HTTP Server version 6.01 suffers from a directory traversal vulnerability.
a2124740820c2e0d6ff88759285feeb95e3df9273457fcc5ae7c11f03c6e5dd1
gSOAP version 2.8 suffers from a directory traversal vulnerability.
10e3f480d11820c7ca0b9b68a2bc1ee47cdcfadb6e020a9d09309e174ef9005d
Interspire Email Marketer version 6.20 suffers from a remote code execution vulnerability in surveys_submit.php.
45d131e6a2425bb502f4a5d754152dd1a73aa4d4cac8f190794723acfe99d49e
This Metasploit module exploits a vulnerability in the web application of NUUO NVRmini IP camera, which can be done by triggering the writeuploaddir command in the upgrade_handle.php file.
0e6d6f16b31358d1595593354838281181d64f454a338a4ce6a5d4c2cc1f34b3
Zyxel VMG1312-B10D 5.13AAXA.8 suffers from a directory traversal vulnerability.
60c8e9a5e09699dcc7795a645cfb7557da62d34304af0a5f585f8638ad3a1365
ZyXEL VMG3312-B10B versions prior to 1.00 (AAPP.7) suffer from a credential disclosure vulnerability.
043dd9f6802d82984a7afef78cd5da2562fb13860ca43e1bd31ad2d12e9cdc30