932 matches found
CVE-2015-5265
The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button i...
CVE-2015-5265
CVE-2015-5265 affects Moodle wiki component: versions up to 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8 and 2.9.x before 2.9.2 fail to enforce the mod/wiki:managefiles capability when authorizing file management. This allows remote authenticated users to delete arbitrary files via a manage-fi...
Blade - A Webshell Connection Tool With Customized WAF Bypass Payloads
Blade is a console-based webshell connection tool, currently under development, that aims to be a replacement for Chooper (中国菜刀). Chooper is a very cool webshell client that supports a wide variety of server-side scripts, but Chooper only works on the Windows operating system, so this is th...
KODExplorer 3.21 Cross Site Request Forgery
KODExplorer web file manager - Cross Site Request Forgery. Vendor Homepage: https://github.com/kalcaddle/KODExplorer/ ...
Tequila File Hosting 1.5 Cross Site Scripting
Tequila File Hosting Cross Site Scripting. Vendor Homepage: http://codecanyon.net/item/tequila-file-hosting-script/7604312 Date: 16/12/20...
Tequila File Hosting 1.5 - Multiple Vulnerabilities
Tequila File Hosting Arbitrary File Download. Vendor Homepage: http://codecanyon.net/item/tequila-file-hosting-script/7604312 Date:...
B374K - PHP Webshell with handy features
This PHP Shell is a useful tool for system or web administrators to do remote management without using cpanel, connecting using ssh, ftp etc. All actions take place within a web browser. Features: File manager (view, edit, rename, delete, upload, download, archiver, etc.), Search file, file content,...
Monsta FTP 1.6.2 - Multiple Vulnerabilities
Monsta FTP 1.6.2 - Multiple Vulnerabilities Exploit Title: CSRF XSS Monsta FTP Google Dork: intitle: Monsta FTP CSRF / XSS Date: 2015-09-11 Exploit Author: hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.monstaftp.com Software Link: www.monstaftp.com Version: monstaftpv1.6.2 Test...
Monsta FTP 1.6.2 - Multiple Vulnerabilities
Exploit Title: CSRF XSS Monsta FTP Google Dork: intitle: Monsta FTP CSRF / XSS Date: 2015-09-11 Exploit Author: hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.monstaftp.com Software Link: www.monstaftp.com Version: monstaftpv1.6.2 Tested on: windows 7 SP1 XAMPP Category: WebApps...
Easy File Management Web Server USERID Buffer Overflow Vulnerability
Easy File Management Web Server is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow Exploit
Easy File Management Web Server version 5.6 suffers from a USERID remote buffer overflow vulnerability. #!/usr/bin/python Exploit Title: Easy File Management Web Server v5.6 - USERID Remote Buffer Overflow Version: 5.6 Date: 2015-08-17 Author: Tracy Turben [email protected] Software Link:...
Easy File Management Web Server 5.6 Buffer Overflow
#!/usr/bin/python Exploit Title: Easy File Management Web Server v5.6 - USERID Remote Buffer Overflow Version: 5.6 Date: 2015-08-17 Author: Tracy Turben [email protected] Software Link: http://www.efssoft.com/ Tested on: Win7x32-EN Special Thanks To: Julien Ahrens for the crafted jmp esp Trick...
Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow
Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow #!/usr/bin/python Exploit Title: Easy File Management Web Server v5.6 - USERID Remote Buffer Overflow Version: 5.6 Date: 2015-08-17 Author: Tracy Turben [email protected] Software Link: http://www.efssoft.com/ Tested on:...
PHPfileNavigator 2.3.3 Privilege Escalation
Credits: John Page aka hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812b.txt Vendor: pfn.sourceforge.net Product: PHPfileNavigator v2.3.3 pfn...
A vulnerability in the Moodle learning management system allows an attacker to bypass access restrictions on file management.
The vulnerability in the files/externallib.php sub-component of the Moodle learning management system stems from deficiencies in access control for certain functions. Exploiting this vulnerability could allow a malicious actor to circumvent access restrictions on file management by using web...
Q-shell - Quick Shell for Unix Administrator
q-shell is a quick shell for remote login to Unix systems. It uses the Blowfish crypt algorithm to protect data in transit from client to server. You get two programs: 'qsh' for the client and 'qshd' for the server; these programs can be renamed to any name you prefer. Compile: Just enter 'make' and it will...
CVE-2015-3181
files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restriction...
WebDrive 12.2 Buffer Overflow
#!/usr/bin/python Exploit Title: WebDrive Buffer OverFlow PoC Author: metacom Vendor Homepage: http://www.webdrive.com/products/webdrive/ Software Link: https://www.webdrive.com/products/webdrive/download/ Version: 12.2 build 4172 32 bit Date found: 31.05.2015 Date published: 31.05.2015 Platform:...
MGASA-2015-0229 Updated moodle packages fix security vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.11, leaving gradebook feedback is a trusted action and such capabilities in other modules already have an XSS mask; 'mod/quiz:grade' was missing this flag (CVE-2015-3174). In Moodle before 2.6.11, some error messages displa...
OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities
Document Title: OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: 2015-05-18 Vulnerability Laboratory ID VL-ID: ...