AjaXplorer checkInstall.php Remote Command Execution

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

phpMyAdmin 3.5.2.2 - 'server_sync.php' Backdoor (Metasploit)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'phpMyAdmin 3.5.2.2 serversync.ph...

phptax 0.8 - Remote Code Execution

phptax 0.8 - Remote Code Execution ----------------------------------------------------- phptax 0.8 Vendor information: "PhpTax is free software to do your U.S. income taxes. Tested under Unix environment. The program generates .pdfs that can be printed and sent to the IRS. See homepage for detai...

SourceForge Investigates Backdoor Code Found in Copy of phpMyAdmin

The popular open-source repository SourceForge is investigating how a corrupted copy of phpMyAdmin came to be served from a Korean-based mirror. Logs indicate 400 users downloaded the malicious file before it was removed from rotation today. “One of the SourceForge.net mirrors, namely...

phpMyAdmin 'server_sync.php'远程后门漏洞

BUGTRAQ ID: 55672 CVE ID: CVE-2012-5159 phpMyAdmin是一个用PHP编写的，可以通过web方式控制和操作MySQL数据库。 phpMyAdmin通过"cdnetworks-kr-1" SourceForge mirror系统分发的phpMyAdmin 3.5.2.2及其他版本源文件为phpMyAdmin-3.5.2.2-all-languages.zip，其中包含名为serversync.php的木马，可允许远程攻击者通过调用eval攻击执行任意命令。 0 phpMyAdmin 3.5.2.2 厂商补丁： phpMyAdmin...

phpMyAdmin 3.5.2.2 server_sync.php Backdoor

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'phpMyAdmin 3.5.2.2 serversync.ph...

phpMyAdmin 3.5.2.2 server_sync.php Backdoor

Exploit for php platform in category web applications $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/cor...

phpMyAdmin 3.5.2.2 server_sync.php Backdoor

This module exploits an arbitrary code execution backdoor placed into phpMyAdmin v3.5.2.2 through a compromised SourceForge mirror. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpMyAdmin...

One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.

PMASA-2012-5 Announcement-ID: PMASA-2012-5 Date: 2012-09-25 Updated: 2012-09-26 Summary One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor. Description One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a...

Manhali 1.8 - Local File Inclusion

Manhali 1.8 - Local File Inclusion Exploit Title: Manhali v1.8 Local File Inclusion Vulnerability Date: 20/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.manhali.com/ Software Link:...

webERP <= 4.08.4 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: webERP =4.08.4 WorkOrderEntry.php SQL Injection Vulnerability Date: 14/09/2012 Exploit Author: modpr0be modpr0beatspentera.com Vendor Homepage: http://www.weberp.org Software Link: http://sourceforge.net/projects/web-erp/files/...

webERP 4.08.4 - &#039;WorkOrderEntry.php&#039; SQL Injection

Exploit Title: webERP =4.08.4 WorkOrderEntry.php SQL Injection Vulnerability Date: 14/09/2012 Exploit Author: modpr0be modpr0beatspentera.com Vendor Homepage: http://www.weberp.org Software Link: http://sourceforge.net/projects/web-erp/files/ Version: 4.08.4 Tested on: Windows 2003 Standard...

Wiki Web Help 0.3.11 Remote File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: Wiki Web Help v0.3.11 Remote File Inclusion Vulnerability Date: 04/9/2012 Author: L0n3ly-H34rT Contact: email protected My Site: http://se3c.blogspot.com/ Vendor Link: http://wikiwebhelp.org/ Software Link:...

InterPhoto CMS 2.4.0 Shell Upload

Exploit Title: InterPhoto CMS Shell Upload Google Dork: intext:"Created by InterPhoto" Date: 03/09/2012 Exploit Author: NinjaVirus Vendor Homepage: http://www.weensoft.com/ Software Link: http://sourceforge.net/projects/interphoto/files/InterPhoto2.4.0English.rar/download Version: 2.4.0 Tested on...

mieric AddressBook 1.0 - SQL Injection

----------------------------------------------------- mieric addressBook 1.0 Vendor information: "MieRic address book is wrote in PERL and holds data via a MYSQL database. Users can add multiple EMAIL, ADDRESS, PHONE, CONTACTS, IMAGE AVATAR and PGP keys as they want. The addressBook is password...

sphpforum 0.4 - Multiple Vulnerabilities

sphpforum 0.4 - Multiple Vulnerabilities Author: loneferret of Offensive Security Product: sphpforum Version: 0.4 older versions may be affected Software Download: http://sourceforge.net/projects/sphpforum/ Description: Simple PHP Forum is a PHP based forum/BBS board is designed to be small,...

Babbsacks babbiges Board 2.8 Full Multiple Vulnerabilites

Exploit for php platform in category web applications Exploit Title: Babbsacks babbiges Board 2.8 Full Multiple Vulnerabilites Date: 12/08/2012 Author: GoLdM Vendor or Software Link: http://sourceforge.net/projects/babb/ Category:: Local File Disclosure + Arbitrary Delete + File Overwrite Google...

The XXX Software 1.0.3 <= Arbitrary Delete Vulnerability

Exploit for php platform in category web applications Exploit Title: The XXX Software 1.0.3 0day.today 2018-01-10...

Modular Site Manager <= Arbitrary Delete Vulnerability

Exploit for php platform in category web applications Exploit Title: Modular Site Manager 0day.today 2018-03-20...

T-dah Webmail Client 3.2.0-2.3 - Persistent Cross-Site Scripting

T-dah Webmail Client 3.2.0-2.3 - Persistent Cross-Site Scripting !/usr/bin/python ''' Author: loneferret of Offensive Security Product: T-dah Webmail Client Version: 3.2.0-2.3 Vendor Site: http://t-dahmail.sourceforge.net/index.php Software Download: http://sourceforge.net/projects/t-dahmail/...