python 3.7 -- multiple vulnerabilities

Python changelog: bpo-37463: ssl.matchhostname no longer accepts IPv4 addresses with additional text after the address and only quad-dotted notation without trailing whitespaces. Some inetaton implementations ignore whitespace and all data after whitespace, e.g.'127.0.0.1 whatever'. bpo-35907:...

HybridAuth install.php PHP Code Execution Exploit

This Metasploit module exploits a PHP code execution vulnerability in HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php' is not removed after installation allowing unauthenticated users to write PHP code to the application configuration file 'config.php'. Note: This exploit will...

WeBid converter.php Remote PHP Code Injection

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

vBSEO <= 3.6.0 "proc_deutf()" Remote PHP Code Injection Exploit

Exploit for php platform in category web applications require 'msf/core' class Metasploit3 'vBSEO %q This module exploits a vulnerability in the 'procdeutf' function defined in /includes/functionsvbseocpabstract.php. User input passed through 'charrepl' POST parameter isn't properly sanitized...