Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploitation-Using-Metasploit-

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploit...

Linux Distros Unpatched Vulnerability : CVE-2026-48687

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in...

CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

EUVD-2019-6681

Malware in sbrugna...

CVE-2025-49141 HaxCMS-PHP Command Injection Vulnerability

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The setremote function later passes this input into procopen, yielding OS...

HaxCMS-PHP Command Injection Vulnerability

Summary The 'gitImportSite' functionality obtains a URL string from a POST request and insufficiently validates user input. The ’setremote’ function later passes this input into ’procopen’, yielding OS command injection. Details The vulnerability exists in the logic of the ’gitImportSite’ functio...

CVE-2019-15746

SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user...

Exploit for OS Command Injection in Php

Incident Response Walkthrough: Mitigating a Zero-Day Attack...

Metasploit Weekly Wrap-UP

GLPI htmLawed PHP Command Injection Our very own bwatters-r7 wrote a module for an unauthenticated PHP command injection vulnerability that exists in various versions of GLPI. The vulnerability is due to a third-party vendor test script being present in default installations. A POST request to...

GLPI 10.0.2 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GLPI htmLawed php command injection', 'Description' = %q This exploit takes advantage of a unauthenticated php command injection available from...

CVE-2019-15746

SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user...

CVE-2019-15746

SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user...

MyLittleForum 2.3.5 - PHP Command Injection

Exploit for php platform in category web applications / + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt + ISR: APPARITIONSEC Vendor: ================= mylittleforum.net Download:...

CF Image Host 1.65 - PHP Command Injection

CF Image Host 1.65 - PHP Command Injection + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-CFIMAGEHOST-PHP-CMD-INJECTION.txt Vendor: ==================================== codefuture.co.uk/projects/imagehost Product:...

CF Image Host 1.65 - PHP Command Injection

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-CFIMAGEHOST-PHP-CMD-INJECTION.txt Vendor: ==================================== codefuture.co.uk/projects/imagehost Product: =================================== CF Image Host 1.65 - 1.6.6...

[MORNINGSTAR-2009-02] Multiple security issues in Cute News and UTF-8 Cute News

MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Cute News and UTF-8 Cute News 1. Advisory Information ------------------------------------------------------------------------------------------------------------------------ Title: Multiple security...

CuteNews and UTF-8 CuteNews - Multiple Vulnerabilities

MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Cute News and UTF-8 Cute News 1. Advisory Information ------------------------------------------------------------------------------------------------------------------------ Title: Multiple security...

CuteNews and UTF-8 CuteNews - Multiple Vulnerabilities

CuteNews and UTF-8 CuteNews - Multiple Vulnerabilities MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Cute News and UTF-8 Cute News 1. Advisory Information...

CuteNews and UTF-8 CuteNews Multiple Security Vulnerabilities

Exploit for unknown platform in category web applications ============================================================= CuteNews and UTF-8 CuteNews Multiple Security Vulnerabilities ============================================================= Multiple security issues in Cute News and UTF-8 Cute...

PHP 3.0.x < 3.0.17 / 4.0.x < 4.0.3 Error Log Command Injection

Binary data 1480.prm...