Rukovoditel version 2.6.1 remote code execution exploit that leverages shell upload and local file inclusion vulnerabilities.
975b7ba7dfc1c500ea9e23d90655a5643b1a793677defc9ec265442ecab49fceDolibarr version 12.0.3 remote SQL injection exploit that achieves remote code execution.
752f6eae60abdb96ea2bf446f22afe9d2446db44df565231549fcd6896d20f74This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.
c76d8f741d62e082e4021197c4f997d2888355186e9e04b1278f52540744b1faPHP-Fusion version 9.03.60 suffers from a PHP object injection vulnerability.
5383acba2c3cd45f7cc3223b5af3fe592644b62ab6fd29c75bc0a912e99554faPHP-Fusion version 9.03.60 PHP object injection to SQL injection pre-authentication exploit.
9499083374865e6afdcc98bbc3435e3e7b6d82a57f0a3486fba8428713cc05edPHP-Fusion version 9.03.50 has been found susceptible to additional methods of persistent cross site scripting. Initial findings in this version were discovered by SunCSR.
c6b9922795d11a23e3b4151c57c54613d48ea125dc0bc2b428d1acbb0c0f9f47YesWiki cercopitheque version 2020.04.18.1 suffers from a remote SQL injection vulnerability.
7f55d22fdee5a2d9fa9d1c21ce50be96851a1da64e897c647d1d71c018e37c9f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed