Showing 1 - 25 of 53

Files

ATutor 2.2.4 Arbitrary File Upload / Command Execution
Posted Aug 5, 2019
Authored by liquidsky

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-12169
SHA-256 | 68b1f5ef4f43ce98748eca51235dfb77dab8a8340683912b52e996264a98eec7

Related Files

ATutor 2.2.4 Directory Traversal / Remote Code Execution
Posted Jun 30, 2020
Authored by liquidsky, Erik Wynter | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands.

tags | exploit, arbitrary, file upload
advisories | CVE-2019-12169
SHA-256 | 344a78946baa67ebb531073dad88904763b7f86e0bf52c4f8197e8fc0c0f179d
ATutor LMS 2.2.4 Weak Password Reset Hash
Posted May 5, 2020
Authored by Hodorsec

ATutor LMS version 2.2.4 suffers from having a weak password reset hash.

tags | exploit
SHA-256 | 695d43c107bcbb8c5b7a5b23041b58961922c09223a6f7f84fa51fde122cb2f4
ATutor 2.2.4 SQL Injection
Posted Feb 23, 2020
Authored by Andrey Stoykov

ATutor version 2.2.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e1926912b31ec559709af89d502a88acfe99b72aab9f35f9d21f289e65d21149
ATutor 2.2.4 Backup Remote Command Execution
Posted Aug 5, 2019
Authored by liquidsky

ATutor version 2.2.4 suffers from a backup functionality remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2019-12170
SHA-256 | 06e7c86f7744d78ae2778cf7d8005061d4ab736263b7669b8d90987a354be32a
ATutor file_manager Remote Code Execution
Posted Apr 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | e818dbce1a6208f6186c65252ddd95a25f1f0b84f2a4a999e93d6590533bfe01
ATutor 2.2.2 Cross Site Request Forgery
Posted Nov 14, 2016
Authored by Saravana Kumar

ATutor version 2.2.2 cross site request forgery proof of concept that adds a new course.

tags | exploit, proof of concept, csrf
SHA-256 | edeaafd30bd276a781e2af3947baa3ee22af8623bdfa3c720579cc2bc6a1a0ad
Atutor 2.2.1 Path Traversal
Posted Aug 3, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

ATutor version 2.2.1 suffers from a path traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 7d2dc31a94a36d60ffffd314cd5eefeb8657f7e9d1c878147cc716b00e4d2e23
ATutor 2.2.1 Directory Traversal / Remote Code Execution
Posted Mar 29, 2016
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to upload a malicious ZIP file. The web application performs a blacklist check before extraction, but it is not sufficient to prevent exploitation. You must log in to the target to reach the vulnerability; however, this can be done with a student account, and remote registration is enabled by default. In case remote registration isn't enabled, this module uses 2 vulnerabilities to bypass authentication.

tags | exploit, remote, web, php, vulnerability
SHA-256 | 785e70dc713dbe9859a24caed94df37a4548874034fcd9af2cb5fcfe2e29d3b8
ATutor LMS 2.2.1 CSRF Remote Code Execution
Posted Mar 7, 2016
Authored by mr_me

ATutor LMS versions 2.2.1 and below cross site request forgery remote code execution exploit that leverages install_modules.php.

tags | exploit, remote, php, code execution, csrf
advisories | CVE-2016-2539
SHA-256 | a2979fb7ec37494a903eb30ee43ad91332dca8b48a2bc6b4adfe613fa9fc6001
ATutor 2.2.1 SQL Injection / Remote Code Execution
Posted Mar 1, 2016
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability and an authentication weakness in ATutor. This essentially means an attacker can bypass authentication and reach the administrator's interface, where they can upload malicious code. You must log in to the target to reach the SQL injection; however, this can be done with a student account, and remote registration is enabled by default.

tags | exploit, remote, sql injection
advisories | CVE-2016-2555
SHA-256 | a6c389a060af6250a11b90dc368c3767a38101c233bf56de262525913aae7d39
Atutor 2.2 Cross Site Scripting
Posted Feb 3, 2016
Authored by Tim Coen | Site curesec.com

ATutor version 2.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 50ffe9f30ffc04cbef2b00aabb0430927dda4e691a9a92e61ad6aaff6e67387d
ATutor 2.2 PHP Code Injection
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a remote PHP code injection vulnerability.

tags | exploit, remote, php
advisories | CVE-2015-7712
SHA-256 | d68f51a39b755fe477331334371a85a9867f5564885f7740eefbf41a2c9a3341
ATutor 2.2 Cross Site Scripting
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-7711
SHA-256 | 3f019a580730a65969fb1ee296eee1f664af50dc8c239571889044cbaa6c68b0
ATutor 2.2 Session Variable Overloading
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a session variable overloading vulnerability.

tags | advisory
advisories | CVE-2014-9753
SHA-256 | fbaac07ae5c801f3305296ae4796cdbada7788e75ace0989665efa6ffddd79c9
ATutor 2.2 File Upload
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2014-9752
SHA-256 | bfe91d27b6015c2947337a14fd42a2923a402b9ed2d98972883b08ff15515b82
ATutor LCMS 2.2 Cross Site Request Forgery
Posted Mar 2, 2015
Authored by Edric Teo

ATutor LCMS version 2.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-1583
SHA-256 | 44ffb91b51da80df29764e37e1a573311e6d31e296f500dfaa2f621352facdf5
ATutor 2.1.1 Cross Site Scripting
Posted Feb 22, 2014
Authored by HauntIT

ATutor version 2.1.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 7772d5d04726dc9eca9f992b4b09c7718cd6b7879c83584b7b588b41971c633d
Secunia Security Advisory 51286
Posted Nov 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ATutor, which can be exploited by malicious users to disclose certain sensitive information.

tags | advisory
SHA-256 | 0242fa8a2a3d4c876ff98d99942f763199419c74b87c342400f1f61cd4f48c47
ATutor AContent 1.2 XSS / Authentication / SQL Injection
Posted Oct 18, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

ATutor AContent versions 1.2 and below suffer from improper authentication, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
advisories | CVE-2012-5167, CVE-2012-5168, CVE-2012-5169
SHA-256 | f884299c5d9976c978753e2b78b0f47541e45479ec64ddb6f85cd4a678ba506e
ATutor 2.0.3 Cross Site Scripting
Posted Apr 26, 2012
Authored by HauntIT

ATutor version 2.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 25ed6e587c012b65b116ba47695efccbeb5d93134c0cc3757f392ded9edb4581
Secunia Security Advisory 47597
Posted Jan 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Stefan Schurtz has discovered some vulnerabilities in ATutor, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 2fd5b2d3baff5e98cd1607e4996f3e5326c9101aee3a0a2a5a5d007f5ed4d990
ATutor 2.0.3 Cross Site Scripting
Posted Jan 16, 2012
Authored by Stefan Schurtz

ATutor version 2.0.3 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4cfa3c57e77b9ceeffcd356fee640940bff182ff0b242d58af97760fcf03225f
ATutor 2.0.2 HTTP Response Splitting
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor version 2.0.2 suffers from an HTTP response splitting vulnerability.

tags | exploit, web
SHA-256 | da8399ab3bad548b518a4945303c6c748c100bc0caaeae91414d81c717c8ce1e
ATutor 2.0.2 Cross Site Scripting / SQL Injection
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor version 2.0.2 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 156e8ca29442c39dd68f426ab627536ea459ec2f62caf6d738900896523fcea0
ATutor AChecker 1.2 Cross Site Scripting / Path Disclosure
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AChecker version 1.2 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | f051fdf159320c7c589e285d8b88bea2bf95dbf5dda51944394344650d558b95
Page 1 of 3