581 matches found
Omeka 2.2.1 - Remote Code Execution
Omeka 2.2.1 - Remote Code Execution !/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of...
PHP Grade Book 1.9.4 Unauthenticated SQL Database Export
No description provided by source. 'PHP Grade Book' Unauthenticated SQL Database Export CVE-2012-1670 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the...
Moodle Blog 1.18.2.2/1.6.2 Module SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20395/info Moodle is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application, access or modify data, ...
Splunk 5.0 Custom App Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Microweber CMS 0.93 - CSRF Vulnerability
No description provided by source. Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where attacker can u...
Microweber CMS 0.93 - Cross-Site Request Forgery
Microweber CMS 0.93 - Cross-Site Request Forgery Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where...
Microweber CMS 0.93 - CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC...
Design/Logic Flaw
The migration functionality in IBM WebSphere Application Server WAS 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in...
NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)
require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitary commands. , 'Author' = 'Spencer McIntyre', , 'License' = MSFLICENSE, 'References' = , 'Arch' =...
Splunk 5.0 - Custom App Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Splunk 5.0 Custom App Remote Code...
Splunk 5.0 Custom App Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Splunk 5.0 Custom App Remote Code...
Design/Logic Flaw
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors...
CVE-2011-5135
Multiple SQL injection vulnerabilities in the saveconnection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the 1 coursereportuiconfigname or 2...
CVE-2012-2359
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability...
Splunk Search Remote Code Execution
This module abuses a command execution vulnerability in the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists in the 'mappy' search command which allows attackers to run Python code. To exploit this vulnerability, a valid Splunk user with the admin role is required. By default,...
Vacation Rental Script 4.0 - Cross-Site Request Forgery
Vacation Rental Script 4.0 - Cross-Site Request Forgery Exploit Title: Vacation Rental Script v4.0 XSRF VULNERABILTY Google Dork: "2006 - 2009 Vacation Rental Script" Date: 24.12.2010 Author: OnurTURKESHAN Software Link: http://www.vacationrentalscript.com/ Version: v.4.0 Tested on: v4.0 TEsted...
Month Of Abysssec Undisclosed Bugs - VWD-CMS 2.1
''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Wellcome to My Site! Hello! ... ... ... This page remove Admins Role in VWD-CMS...
VWD-CMS - Cross-Site Request Forgery
''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Wellco...
IBM WebSphere Application Server 6.1 < 6.1.0.31 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 31 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - It is possible for Administrator role members to modify primary administrative id via the administrative console. PK88606 - An...
Design/Logic Flaw
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active...