43 matches found
EUVD-2007-4523
Malware in sbrugna...
EUVD-2012-4207
Malware in sbrugna...
EUVD-2005-4025
Malware in sbrugna...
EUVD-2001-1437
Malware in sbrugna...
Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modcgi Bash Environment Variable Injection Shellshock Scanner', 'Description' = %q This module scans for the Shellshock vulnerability, a...
CVE-2024-1762
CVE-2024-1762 affects NextScripts: Social Networks Auto-Poster for WordPress. The vulnerability is Stored XSS in HTTP_USER_AGENT present in all versions up to 4.4.3 due to insufficient sanitization/escaping. Exploitation requires the victim to view the page with the cron events list (“All Cron Ev...
CVE-2024-1762 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTPUSERAGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
CVE-2024-1762 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Unauthenticated Stored Cross-Site Scripting via User Agent
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTPUSERAGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...
CVE-2021-4252
CVE-2021-4252 affects the WordPress WP-Ban plugin, specifically the function toggle_checkbox in ban-options.php. The issue arises from manipulating the request header value $_SERVER["HTTP_USER_AGENT"], enabling cross-site scripting. The vulnerability can potentially be initiated remotely. A patch...
GHSA-Q6V4-XJP2-8GGV Securimage HTML Injection
HTML Injection in Securimage prior to 3.6.6 allows remote attackers to inject arbitrary HTML into an e-mail message body via the $SERVER'HTTPUSERAGENT' parameter to exampleform.ajax.php or exampleform.php...
Securimage HTML Injection
HTML Injection in Securimage prior to 3.6.6 allows remote attackers to inject arbitrary HTML into an e-mail message body via the $SERVER'HTTPUSERAGENT' parameter to exampleform.ajax.php or exampleform.php...
UADMIN Botnet 1.0 - 'link' SQL Injection
Exploit Title: UADMIN Botnet 1.0 - 'link' SQL Injection Google Dork: n/a Date: 2020-03-16 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Version: unkn0wn Tested on: Windows 10, Kali CVE : n/a Vuln-Code: download.php $link=$GET'link'; $agent=esc$SERVER'HTTPUSERAGENT';...
CVE-2017-14077
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $SERVER'HTTPUSERAGENT' parameter to exampleform.ajax.php or exampleform.php...
Design/Logic Flaw
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $SERVER'HTTPUSERAGENT' parameter to exampleform.ajax.php or exampleform.php...
CVE-2017-14077
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $SERVER'HTTPUSERAGENT' parameter to exampleform.ajax.php or exampleform.php...
phpTrafficA 2.3 SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: phpTrafficA Product page: http://soft.zoneo.net/phpTrafficA/ Affected versions: Up to and including 2.3 latest as of writing. Description: An SQL injection exists in Php/Functions/logfunction.php, line 933: $sql3 ="INSERT INTO $tablehost SET...
Apache mod_cgi Bash Environment Variable Code Injection
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Apache modcgi Bash Environment Variable Code Injection', 'Description' = %q This module exploits a code injection in specially crafte...
Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
This module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTPUSERAGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler...
Cmseasy某处SQL盲注漏洞(绕过360防护)
简要描述: 注入..但是木回显 盲注了.. 详细说明: index.php 84行 stats::getbot; 由于初始化的时候也没对$SERVER做过滤的什么措施 导致的注入 stats.php 13行到78行 getbot 这个功能是看蜘蛛的记录 $SERVER 没过滤 我们只需要把HTTPUSERAGENT伪造成蜘蛛的就ok了 public static function getbot $ServerName = $SERVER"SERVERNAME"; $ServerPort = $SERVER"SERVERPORT"; $ScriptName =...
CVE-2012-4263
Cross-site scripting XSS vulnerability in inc/admin/content.php in the Better WP Security betterwpsecurity plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTPUSERAGENT header...