Lucene search
K

581 matches found

exploitpack
exploitpack
added 2014/07/24 12:0 a.m.32 views

Omeka 2.2.1 - Remote Code Execution

Omeka 2.2.1 - Remote Code Execution !/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

PHP Grade Book 1.9.4 Unauthenticated SQL Database Export

No description provided by source. 'PHP Grade Book' Unauthenticated SQL Database Export CVE-2012-1670 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the...

5CVSS6.5AI score0.07755EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

Moodle Blog 1.18.2.2/1.6.2 Module SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20395/info Moodle is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application, access or modify data, ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

Splunk 5.0 Custom App Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Microweber CMS 0.93 - CSRF Vulnerability

No description provided by source. Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where attacker can u...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2014/04/13 12:0 a.m.20 views

Microweber CMS 0.93 - Cross-Site Request Forgery

Microweber CMS 0.93 - Cross-Site Request Forgery Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where...

0.6AI score
Exploits0
0day.today
0day.today
added 2014/04/13 12:0 a.m.18 views

Microweber CMS 0.93 - CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC...

7.1AI score
Exploits0
Prion
Prion
added 2013/11/18 5:23 a.m.21 views

Design/Logic Flaw

The migration functionality in IBM WebSphere Application Server WAS 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in...

3.5CVSS6.7AI score0.01457EPSS
Exploits0References3Affected Software1
Exploit DB
Exploit DB
added 2012/12/20 12:0 a.m.28 views

NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)

require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitary commands. , 'Author' = 'Spencer McIntyre', , 'License' = MSFLICENSE, 'References' = , 'Arch' =...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2012/12/09 12:0 a.m.24 views

Splunk 5.0 - Custom App Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Splunk 5.0 Custom App Remote Code...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2012/12/08 12:0 a.m.29 views

Splunk 5.0 Custom App Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Splunk 5.0 Custom App Remote Code...

7.4AI score
Exploits0
Prion
Prion
added 2012/11/23 12:9 p.m.11 views

Design/Logic Flaw

The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors...

9CVSS6.7AI score0.02196EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2012/08/30 10:55 p.m.4 views

CVE-2011-5135

Multiple SQL injection vulnerabilities in the saveconnection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the 1 coursereportuiconfigname or 2...

6CVSS6.3AI score0.00921EPSS
Exploits1References4
NVD
NVD
added 2012/07/21 3:38 a.m.17 views

CVE-2012-2359

admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability...

6.5CVSS6.3AI score0.01117EPSS
Exploits0References2
Metasploit
Metasploit
added 2011/12/22 7:4 p.m.26 views

Splunk Search Remote Code Execution

This module abuses a command execution vulnerability in the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists in the 'mappy' search command which allows attackers to run Python code. To exploit this vulnerability, a valid Splunk user with the admin role is required. By default,...

4.6CVSS0.5AI score0.28928EPSS
Exploits7
exploitpack
exploitpack
added 2010/12/25 12:0 a.m.9 views

Vacation Rental Script 4.0 - Cross-Site Request Forgery

Vacation Rental Script 4.0 - Cross-Site Request Forgery Exploit Title: Vacation Rental Script v4.0 XSRF VULNERABILTY Google Dork: "2006 - 2009 Vacation Rental Script" Date: 24.12.2010 Author: OnurTURKESHAN Software Link: http://www.vacationrentalscript.com/ Version: v.4.0 Tested on: v4.0 TEsted...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2010/09/21 12:0 a.m.18 views

Month Of Abysssec Undisclosed Bugs - VWD-CMS 2.1

''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Wellcome to My Site! Hello! ... ... ... This page remove Admins Role in VWD-CMS...

Exploits0
Exploit DB
Exploit DB
added 2010/09/20 12:0 a.m.18 views

VWD-CMS - Cross-Site Request Forgery

''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Wellco...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/04/06 12:0 a.m.48 views

IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 31 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - It is possible for Administrator role members to modify primary administrative id via the administrative console. PK88606 - An...

5CVSS5.3AI score0.01881EPSS
Exploits7References15
Prion
Prion
added 2006/01/17 9:3 p.m.13 views

Design/Logic Flaw

The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active...

7.2CVSS7.1AI score0.00368EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder