1620 matches found
Windows Disable Windows ICF, Command Shell, Bind TCP Inline
Disable the Windows ICF, then listen for a connection and spawn a command shell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 529 include Msf::Payload::Windows include...
Captcha - response validation bypass
Captcha validation can be bypassed by manipulating request variables while posting or by providing certain incorrect responses. This defeats the purpose of the captcha and makes automated submission possible. Versions affected All versions of Captcha 4.7.x prior to Captcha 4.7-1.2. All versions o...
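Drupal Acidfree Module Node Title SQL Injection Vulnerability
WebSpell is a PHP-based web application. WebSpell does not properly filter user-submitted input, so remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the script does not filter the user-submitted Node title parameter; submitting malicious SQL code as the parameter data can alter the original SQL logic, leading to disclosure of sensitive information. Drupal Acidfree Module 4.7 Drupal Acidfree Module 4.6 Vendor solution Upgrade: Drupal Acidfree Module 4.6 Drupal acidfree-4.6.x-1.0.tar.gz...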
CVE-2007-0506
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests...
CVE-2007-0334
CVE-2007-0334 affects InGate Firewall and SIParator SIP module prior to version 4.5.1. The issue is a replay vulnerability in the authentication mechanism, allowing remote attackers to replay credentials or authentication data. No concrete exploit details are provided in the supplied documents. R...
Limbo CMS Module event 1.0 Remote File Include Vulnerability
No description provided by source. Limbo CMS event module lmabsolutepath Remote File Include Vulnerabilities. Author: xoron. Vuln Code:...
Limbo CMS Module event 1.0 Remote File Include Vulnerability
Exploit for unknown platform in category web applications. Limbo CMS Module event 1.0 Remote File Include Vulnerability. Limbo CM...
myphpNuke Module My_eGallery 2.5.6 (basepath) RFI Vulnerability
No description provided by source. myPHPNuke Gallery Module basepath Remote File Include. Found: Cyber-Security.Org...
mxBB Module Charts <= 1.0.0(module_root_path) Remote File Include Vulnerability
Title : mxBB Module Charts <= 1.0.0 (module_root_path) Remote File Include Vulnerability Author : ajann Contact : : S.Page : http://www.mx-system.com ERROR: include $module_root_path . 'language/lang' . $language . '/langcharts.' . $phpEx;...
CVE-2006-6567
PHP remote file inclusion vulnerability in includes/kbconstants.php in the Knowledge Base mxkb 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter...
CVE-2006-6568
Directory traversal vulnerability in includes/kbconstants.php in the Knowledge Base mxkb 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter...
mxBB Module Activity Games 0.92 Remote File Include Vulnerability
No description provided by source. mxact mxBB Games Module --Remote File Inclusion Exploit Bug Found & Exploit coded By Dr Max Virus Download:http://www.mx-system.com/index.php?page=4&action=file&fileid=71 Problem area: if !fileexists$mxrootpath . 'modules/mxact/language/lang'...
MXBB Profile Control Panel 0.91c - Module Remote File Inclusion
MXBB Profile Control Panel 0.91c - Module Remote File Inclusion source: https://www.securityfocus.com/bid/21520/info The mxBB profile Control Panel module is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...
CVE-2006-6217
The CVE describes a PHP remote file inclusion vulnerability in formdisp.php of the Mermaid 1.2 module for PHP-Nuke, allowing remote attackers to execute arbitrary PHP code via a URL supplied in the module_name parameter. Affected software: Mermaid 1.2 module for PHP-Nuke. Root cause: improper han...
mxBB Module calsnails 1.06 - mx_common.php File Inclusion
mxBB Module calsnails 1.06 - mx_common.php File Inclusion mxBB calsnails module 1.06 Remote File Inclusion Vulnerability Bugfounder: bd0rk || SOH-Crew Website: www.soh-crew.it.tt Gr33tings: nukedx, DeeJay, TheJT, str0ke Mod-Download:...
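All Topics phpBB Module SQL Injection Vulnerability
All Topics is a phpBB module that lets users display all topics on a single page, or select forum topics. Remote attackers can exploit a SQL injection vulnerability in the All Topics module to execute arbitrary code in the forum. Peter Nijssen All Topics 1.5 The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.phpbbhacks.com/download/2821 http://www.example.com/alltopics.php?mode=order=ASCstart=malicious SQL...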
phpBB Spider Friendly Module <= 1.3.10 File Include Exploit
No description provided by source. #!/usr/bin/php -q -d short_open_tag=on ...
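phpBB News Defilante Horizontale Module phpbb_root_path Parameter Remote File Inclusion Vulnerability
News Defilante Horizontale is a module used with phpBB. The News Defilante Horizontale module has an input validation vulnerability when handling user requests; remote attackers may exploit it to execute arbitrary commands on the server with the privileges of the web process. phpBB's includes/functionsnewshr.php file does not properly validate input to the phpbb_root_path parameter, allowing attackers to execute arbitrary PHP code by including files from local or external resources. Successful exploitation requires register_globals to be enabled. phpBB Group News Defilante Horizontale FR = 4.1.1...
PHP-Nuke Book Catalog Module upload.php Arbitrary File Upload Vulnerability
The Book Catalog module for PHP-Nuke is web-based software that lets users archive and organize e-books. PHP-Nuke has a vulnerability in its handling of file uploads; remote attackers can exploit an input validation error in the Book Catalog module's upload.php file to upload arbitrary files. SAP Basis Community Book Catalog 1.0 Vendor patch: SAP Basis Community. The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version:...
phpBB Archive for Search Engines Module phpbb_root_path File Inclusion Vulnerability
phpBB Archive for Search Engines is a search module used with phpBB. The phpBB Archive for Search Engines module has an input validation vulnerability when handling user requests; remote attackers may exploit it to execute arbitrary commands on the server with the privileges of the web process. The module's templates/archive/archivetopic.php script does not properly validate input to the phpbb_root_path parameter, allowing attackers to execute arbitrary PHP code by including arbitrary files from local or external resources. Mambo Power phpBB Archive for Search...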