This Metasploit module exploits a directory traversal vulnerability found in WebPageTest. Due to the way the gettext.php script handles the file parameter, it is possible to read a file outside the www directory.
c8fc5793bb9641b12b4d2106a06fb4d479a668d64206809ae721e664f0532142Bosch Security Systems DVR 630/650/670 series systems suffer from remote command execution as root and administrative password disclosure vulnerabilities.
18008cc1143109069e53b4f19c4566bfb1d2dddbb33961d180e4ec88b730836eAllied Telesis AT-MCF2000M version 3.0.2 suffers from a local root-level privilege escalation vulnerability.
ff5d7406c17bd8ff7fdbdde80e74244fd325b7101bde127bdef0b679b0c3a63eThis Metasploit module exploits a vulnerability found in Narcissus image configuration function. This is due to the backend.php file not handling the $release parameter properly, and then passes it on to the configure_image() function. In this function, the $release parameter can be used to inject system commands for passthru (a PHP function that's meant to be used to run a bash script by the vulnerable application), which allows remote code execution under the context of the web server.
e4e301239f9dd9233d1f53f7eeec494854791ab17cbfc496d7ff9fc4c9b4e501Narcissus online image builder suffers from a remote command execution vulnerability.
1e7e866c2471ee4f3e78a4cbfbe1c015cc3162c100922051cb553dfb05ba2c43dotProject versions 2.1.6 and below suffer from a remote file inclusion vulnerability.
fa2ee4b0d4a5a30660b415dc6dd6f5911f2d4414c98606428fee81675aaad1d2netOffice Dwins versions 1.4p3 and below suffer from a remote SQL injection vulnerability.
39d41b4252de6df2de9804cbc38a0b31dfb7d7ffc050c10e0eb5d04a5d71b5acThis Metasploit module exploits multiple design flaws in Sflog 1.0. By default, the CMS has a default admin credential of "admin:secret", which can be abused to access administrative features such as blogs management. Through the management interface, we can upload a backdoor that's accessible by any remote user, and then gain arbitrary code execution.
df8a3a625895eb3faaf98942ef2a7cf7f43469012acc9d053eb309172b671640WebPA versions 1.1.0.1 and below suffers from add administrator and arbitrary file upload vulnerabilities.
7bd39787e4c6ec6b66ddfce46cc21cd8e97656ed439b597e522d5ba157e0a4fdWeBid versions 1.0.4 and below suffer from local file disclosure, remote file inclusion, and remote SQL injection vulnerabilities.
cadf34d43c06b4a8884f133bd4533936acc454d86939dd74decdbe83787a788eThis Metasploit module exploits a vulnerability found in WebPageTest's Upload Feature. By default, the resultimage.php file does not verify the user-supplied item before saving it to disk, and then places this item in the web directory accessable by remote users. This flaw can be abused to gain remote code execution.
12ff7aba4342dfbb7f5a516aa01579569cbaf4c1cb86bb84f42047ca2ada8e0bWebPageTest versions 2.6 and below suffer from local file inclusion, shell upload, file disclosure, and file deletion vulnerabilities.
89dcea13ec2ce098c36406bb3eb0f66cf4abc25e56f9529e8cf96f1886dc3447sflog! versions 1.00 and below suffer from local file inclusion, administrative password disclosure, and remote shell upload vulnerabilities.
a330468dd724ab2f78215e629c1c00b9dcb52c8249a68c63ac563236adda7e5aphpMyBackupPro versions 2.2 and below suffer from a local file inclusion vulnerability.
166b21bdc9185f708bd036262f1a876d4441fdd2ba9d32aff7948aae343ed8f3webERP versions 4.08.1 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
5267f890f545bb735b1c39589e72551064eb335e1539e0d265bf1035279b0379UCCASS versions 1.8.1 and below suffer from a remote blind SQL injection vulnerability.
b8c072201969e215c928967dd018fca97955e7ebb45ed7b5871beabe68f2e728WEBO Site SpeedUp versions 1.6.1 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
dbbeead6c82b71d756c0ca61fa554f3516d4601267dfee26551ae5dc6fcbfb75LimeSurvey version 1.92+ Build 120620 suffers from remote file inclusion and traversal vulnerabilities.
43b9b487eafdbab47658da07aab4f8a2286ff8e53d69af4f8c40cae632fc2132Joomla Captcha plugin versions 4.5.1 and below suffer from a file disclosure vulnerability.
baf1c42d247040cd6931959edd7c8d25ca37a0a5dfed9e017d87f7b18b7f9080Sahana Agasti versions 0.6.5 and below suffer from local file inclusion, configuration disclosure, and shell upload vulnerabilities.
e8cf126863abb188c34e9252d11a60131e806dbbc1654754588aff64e8898f13PhpGedView versions 4.2.3 and below suffer from a local file inclusion vulnerability.
19ea92c71589238fc0dd4885e41ff3a75c2f0448d77ca49c1fcca0f5ccb555eeSahana Agasti versions 0.6.4 and below suffer from a remote SQL injection vulnerability.
c43b0c9ca78cd8229308c5d4edb24c33144301e739d1ef9fd747857df7113230ChurchInfo versions 1.2.12 and below suffer from a remote SQL injection vulnerability.
eec17a6657cd7a6bef191aaf714616f4f50fd38065ac04c7498ca2bdba360e94Star Downloader Free versions 1.45 and below universal SEH overwrite exploit.
ab6dea0952c0b1a664d818019ec8054f3e16fc46645f68d5dce4ff804577a426HTML Email Creator versions 2.1b668 and below local SEH overwrite exploit.
ed2aad125051b8d77061972988f7b5974fd2c101d19de765f0c58eea046705e9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed