1225 matches found
File Inclusion Vulnerability in Apache Tomcat Server
Apache and Tomcat are projects developed by the Apache open source organization to handle HTTP services; both are free, and both can be run as a stand-alone Web server. Apache Tomcat server has a file inclusion vulnerability that can be exploited by an attacker to read or include arbitrary files in all...
Metasploit Sample Webapp Exploit
Exploit for python platform in category web applications. This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. This exploit sample shows how an exploit module could be written to exploit a bug in an arbitrary web server cla...
Metasploit Sample Webapp Exploit
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. This exploit sample shows how an exploit module could be written to exploit a bug in an arbitrary web server. class MetasploitModule 'Sample Webapp Exploit', 'Description...
CVE-2019-25066
creationtimestamp | type | source
---|---|---
2019-12-01 16:21:16+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/ajentiauthusernamecmdinjection.rb
2022-06-09 20:33:27+00:00 | seen | https://t.me/cibsecurity/44116
2025-10-23 21:12:58+00:00 | seen | ...
Carlo Gavazzi SmartHouse 6.5.33 XSS / Cross Site Request Forgery
Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities Vendor: Carlo Gavazzi Automation S.p.A Product web page: http://www.gavazzi-automation.com | http://www.smarthouse.nu Affected version: Web-app: 6.5.33.17072501 Web-app: 6.5.32.17062101 Web-app: 6.2.3.16102701 Web-app: 5.5.3.16042110...
Carlo Gavazzi SmartHouse 6.5.33 XSS / Cross Site Request Forgery Vulnerabilities
Carlo Gavazzi SmartHouse version 6.5.33 suffers from cross site request forgery along with both reflective and persistent cross site scripting vulnerabilities. Carlo Gavazzi SmartHouse Webapp 6.5.33 CSRF/XSS Vulnerabilities Vendor: Carlo Gavazzi Automation S.p.A Product web page:...
Eclipse Jetty Cross-Site Scripting Vulnerability
Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. A cross-site scripting vulnerability exists in the WebApp JSP Snoop page in Eclipse Jetty 6.1.21 and earlier versions. The vulnerability stems from a lack of proper validation of...
CVE-2009-5049
WebApp JSP Snoop page XSS in Jetty through 6.1.21...
CVE-2009-5049
CVE-2009-5049 affects Jetty, specifically the WebApp JSP Snoop page in Jetty 6.1.21. The vulnerability arises from improper validation of user-supplied input in the WebApp JSP Snoop page, enabling cross-site scripting (XSS). The connected sources consistently describe a WebApp JSP Snoop page XSS ...
Deserialization of untrusted data
By manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbo...
Inventory Webapp - (itemquery) SQL injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: Inventory Webapp SQL injection Date: 05.09.2019 Exploit Author: mohammad zaheri Vendor Homepage: https://github.com/edlangley/inventory-webapp Tested on: Windows Google Dork: N/A ========= Vulnerable Page: =========...
Inventory Webapp - itemquery SQL injection
Inventory Webapp - itemquery SQL injection. Exploit Title: Inventory Webapp SQL injection Date: 05.09.2019 Exploit Author: mohammad zaheri Vendor Homepage: https://github.com/edlangley/inventory-webapp Tested on: Windows Google Dork: N/A ========= Vulnerable Page: ========= /php/add-item.php...
Inventory Webapp - 'itemquery' SQL injection
Exploit Title: Inventory Webapp SQL injection Date: 05.09.2019 Exploit Author: mohammad zaheri Vendor Homepage: https://github.com/edlangley/inventory-webapp Tested on: Windows Google Dork: N/A ========= Vulnerable Page: ========= /php/add-item.php ========== Vulnerable Source: ========== Line3...
0xsp-Mongoose - Privilege Escalation Enumeration Toolkit (ELF 64/32), Fast, Intelligent Enumeration With Web API Integration
Using 0xsp Mongoose you will be able to scan a targeted operating system for any possible route to privilege escalation, from the information-collection stage through to reporting via the 0xsp Web Application API. The user will be able to scan different Linux OS systems at the same...
CVE-2019-9105
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI&customurl=alladminusers...
CVE-2019-9106
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php...
Authentication flaw
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI&customurl=alladminusers...
Design/Logic Flaw
The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php...