-
Nagios XI Remote Code Execution
PHP Files ≈ Packet Storm Apr 15, 2021 | 13:52 pmThis Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading[…]
Read more... -
Nagios XI getprofile.sh Remote Command Execution
PHP Files ≈ Packet Storm Apr 14, 2021 | 15:49 pmThis Metasploit module exploits a vulnerability in the getprofile.sh script of Nagios XI versions prior to 5.6.6 in order to upload a malicious check_ping plugin and thereby execute arbitrary commands. For Nagios XI 5.2.0 through 5.4.13, the commands are run[…]
Read more... -
ExpressionEngine 6.0.2 PHP Code Injection
PHP Files ≈ Packet Storm Mar 15, 2021 | 21:05 pmExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.
Read more... -
ForkCMS PHP Object Injection
PHP Files ≈ Packet Storm Mar 12, 2021 | 16:15 pmForkCMS versions prior to 5.8.3 suffer from a PHP object injection vulnerability.
Read more... -
QCubed 3.1.1 PHP Object Injection
PHP Files ≈ Packet Storm Mar 12, 2021 | 16:02 pmQCubed versions 3.1.1 and below suffer from a PHP object injection vulnerability.
Read more... -
Klog Server 2.4.1 Command Injection
PHP Files ≈ Packet Storm Feb 15, 2021 | 15:23 pmThis Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command[…]
Read more... -
PEAR Archive_Tar Arbitrary File Write
PHP Files ≈ Packet Storm Jan 25, 2021 | 14:51 pmThis Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file[…]
Read more... -
PHP-Fusion 9.03.90 Cross Site Request Forgery
PHP Files ≈ Packet Storm Jan 15, 2021 | 14:59 pmPHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.
Read more... -
WordPress AIT CSV Import/Export 3.0.3 Shell Upload
PHP Files ≈ Packet Storm Jan 12, 2021 | 16:32 pmWordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse[…]
Read more... -
WordPress wpDiscuz 7.0.4 Shell Upload
PHP Files ≈ Packet Storm Jan 8, 2021 | 15:28 pmThis Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
Read more...
Jedesmal, wenn mit eingeschaltetem AdBlocker eine Webseite besucht wird, stirbt in einem Labor ein unschuldiges, niedliches Kaninchen einen grausamen Tod! Zusätzlich werden einige Funktionen dieser Webseite durch den AdBlocker blockiert. Bitte deaktivieren Sie Ihren AdBlocker für diese Webseite und retten Sie unschuldige Kaninchen!
Sie können durch Schliessen dieses Fensters natürlich mit AdBlocker weitermachen - wenn Sie mit dieser Schuld leben können .... es liegt an Ihnen - AdBlocker abschalten und ruhig schlafen können oder mit AdBlocker weitermachen und von übelsten Albträumen gequält werden!
Wir haben Sie gewarnt ....