5294 matches found
SugarCRM REST Unserialize PHP Code Execution
This module exploits a PHP Object Injection vulnerability in SugarCRM CE 'SugarCRM REST Unserialize PHP Code Execution', 'Description' = %q This module exploits a PHP Object Injection vulnerability in SugarCRM CE 'EgiX', 'License' = MSFLICENSE, 'References' = 'URL', 'http...
Linux Webserver Folders Deleted in Fairware Attacks
Linux server admins are reporting attacks resulting in the disappearance of the server’s web folder and websites being down indefinitely. Posts to the forums on the BleepingComputer website corroborate a number of such attacks, most likely intrusions powered by brute-force attacks against SSH,...
Goron WebServer 2.0 - Multiple Vulnerabilities
Exploit for windows platform in category dos / poc """ Exploit Title: Goron Web Server 2.0 - Multiple Vulnerabilities Date: 26/08/2016 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: https://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploits Vendor Homepage:...
TikiWiki 15.1 ELFinder Unauthenticated File Upload
Description A file upload vulnerability in Tiki Wiki --Part83012510490351498898101-- 3. Info Author: Mehmet Ince https://www.exploit-db.com/exploits/40091/...
Dealing with IIS FastCGI vulnerability-vulnerability warning-the black bar safety net
Problem description: FastCGI parsing vulnerability WebServer Fastcgi configured improperly, can cause other files, such as css, js, jpg and other static files are treated as php script parsing to perform. When the user inserts a malicious script webshell to static files uploaded to the webserver...
BelliniSupercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities
BelliniSupercook Wi-Fi Yumi SC200 - Multiple Vulnerabilities ''' Bellini/Supercook Wi-Fi Yumi SC200 - Multiple vulnerabilities Reported By: ================================== James McLean - Primary: james dot mclean at gmail dot com Secondary: labs at juicedigital dot net Device Overview:...
OWASP Mth3l3m3nt Framework - Penetration Testing Aiding Tool And Exploitation Framework
OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. It fosters a principle of attack the web using the web as well as pentest on the go through its responsive interface. Modules Packed in so far are: Payload Store Shell Generator PHP/ASP/JSP/JSPX/CFM Payloa...
Tiki Wiki 15.1 - File Upload (Metasploit)
Tiki Wiki 15.1 - File Upload Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Tiki Wiki Unauthenticated File Upload Vulnerability', 'Description' = %q This module...
Linux Home Folder Accessible (HTTP)
The script attempts to identify files of a linux home folder accessible at the webserver. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-late...
http-mcmp NSE Script
Checks if the webserver allows modcluster management protocol MCMP methods. The script sends a MCMP PING message to determine protocol support, then issues the DUMP command to dump the current configuration seen by modclustermanager. References: Script Arguments slaxml.debug See the documentation...
WordPress Simple Backup Plugin 2.7.11 - Multiple Vulnerabilities
Simple Backup plugin is prone to multiple vulnerabilities, such as arbitrary file deletion and file download vulnerabilities. Because of these issues, an attacker can download remote files from the webserver delete arbitrary files without any authentication and permission. Solution Update the...
WordPress Simple Backup 2.7.11 Plugin - Multiple Vulnerabilities
Exploit for php platform in category web applications Meta information Exploit Title: Wordpress plugin simple-backup - Multiple vulnerabilities Date: 2016-06-02 Exploit Author: PizzaHatHacker A gmail . com Vendor Homepage: DEAD LINK https://wordpress.org/plugins/simple-backup/ Software Link: DEAD...
WordPress Plugin Simple Backup 2.7.11 - Multiple Vulnerabilities
WordPress Plugin Simple Backup 2.7.11 - Multiple Vulnerabilities Meta information Exploit Title: Wordpress plugin simple-backup - Multiple vulnerabilities Date: 2016-06-02 Exploit Author: PizzaHatHacker A gmail . com Vendor Homepage: DEAD LINK https://wordpress.org/plugins/simple-backup/ Software...
FreeBSD : phpmyadmin -- XSS and sensitive data leakage (00ec1be1-22bb-11e6-9ead-6805ca0b3d42)
The phpmyadmin development team reports : Description Because user SQL queries are part of the URL, sensitive information made as part of a user query can be exposed by clicking on external links to attackers monitoring user GET query parameters or included in the webserver logs. Severity We...
Moneybird: information disclose
Researcher found a disclosure of the server version of our website. We have removed this information from our webserver responses...
小云wifi路由器默认webserver 代理服务未授权访问
No description provided by source...
phpmyfaq -- cross-site request forgery vulnerability
The phpMyFAQ team reports: The vulnerability exists due to application does not properly verify origin of HTTP requests in "Interface Translation" functionality.: A remote unauthenticated attacker can create a specially crafted malicious web page with CSRF exploit, trick a logged-in administrator...
Webserver Access Detection
Binary data 9178.prm...
Debian Security Advisory DSA 3489-1 (lighttpd - security update)
lighttpd, a small webserver, is vulnerable to the POODLE attack via the use of SSLv3. This protocol is now disabled by default. OpenVAS Vulnerability Test $Id: deb3489.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3489-1 using nvtgen 1.0 Script version: 1.0 Author:...
Debian: Security Advisory (DSA-3489-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...