Lucene search
K

11 matches found

Vulnrichment
Vulnrichment
added 2025/05/30 8:24 a.m.5 views

CVE-2025-4636 Local Privilege Escalation

Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user...

7.8CVSS7.2AI score0.00139EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2023/07/31 8:32 p.m.384 views

Exploit for Deserialization of Untrusted Data in Spip

CVE-2023-27372 - The vulnerability exists in the oubli parame...

9.8CVSS9.9AI score0.99637EPSS
Exploits23
Packet Storm
Packet Storm
added 2023/06/21 12:0 a.m.4335 views

SPIP 4.2.1 Remote Code Execution

!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Date: 19/06/2023 Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...

9.8CVSS7.1AI score0.99637EPSS
Exploits23
Packet Storm
Packet Storm
added 2023/04/18 12:0 a.m.512 views

SPIP Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP form PHP Injection', 'Description' = %q This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter a...

9.8CVSS9.4AI score0.99637EPSS
Exploits23
0day.today
0day.today
added 2023/04/18 12:0 a.m.4033 views

SPIP Remote Command Execution Exploit

This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are below 3.2.18, below 4.0.10...

9.8CVSS10AI score0.99637EPSS
Exploits23
WPVulnDB
WPVulnDB
added 2022/03/01 12:0 a.m.25 views

Narnoo Distributor <= 2.5.1 - Unauthenticated LFI to Arbitrary File Read / RCE

The plugin fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure of arbitrary files as the content of the file is the...

9.8CVSS0.3AI score0.4783EPSS
Exploits2Affected Software1
Packet Storm
Packet Storm
added 2013/08/29 12:0 a.m.96 views

SPIP Connect Parameter PHP Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'SPIP connect Parameter PHP Injection'...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2013/08/29 12:0 a.m.315 views

SPIP - &#039;connect&#039; PHP Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'SPIP connect Parameter PHP Injection'...

7AI score
Exploits0
Metasploit
Metasploit
added 2013/07/15 2:43 p.m.272 views

SPIP connect Parameter PHP Injection

This module exploits a PHP code injection in SPIP. The vulnerability exists in the connect parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1 and 3 are concerned. Vulnerable versions are 'SPIP connect Parameter PHP Injection',...

8.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/02/02 12:0 a.m.42 views

Aprox PHP Portal index.php Arbitrary File View

The remote host is running Aprox Portal - a PHP-based content management system. There is a bug in this software that may allow an attacker to read arbitrary files on the remote web server with the privileges of the web user. In addition, this software is reportedly vulnerable to a local file...

5CVSS5.6AI score0.07266EPSS
Exploits1References2
securityvulns
securityvulns
added 2000/08/18 12:0 a.m.149 views

Htgrep CGI Arbitrary File Viewing Vulnerability

Software: Htgrep URL: http://www.iam.unibe.ch/scg/Src/Doc/ Version: All Versions Platforms: Unix maybe Winnt? Author status: Notified Summary: Any remote user can view arbitrary files on the system with the privileges of the web user Vulnerability: The CGI allows a user to specify a header and...

Exploits0
Rows per page
Query Builder