-
VICIdial Multiple Authenticated SQL Injection
PHP Files ≈ Packet Storm Sep 1, 2024 | 17:22 pm
This Metasploit module exploits several authenticated SQL injection vulnerabilities in VICIdial 2.14b0.5 prior to svn/trunk revision 3555 (VICIBox 10.0.0, prior to January 20 is vulnerable). Injection point 1 is on vicidial/admin.php when adding a user, in the modify_email_accounts parameter. Injection[…]
-
Icingaweb Directory Traversal In Static Library File Requests
PHP Files ≈ Packet Storm Sep 1, 2024 | 17:21 pm
Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to 2.8.5 inclusive, suffer from an unauthenticated directory traversal vulnerability. The vulnerability is triggered through the icinga-php-thirdparty library, which allows unauthenticated users to retrieve arbitrary files from the target's filesystem via[…]
-
Bitweaver Overlay_type Directory Traversal
PHP Files ≈ Packet Storm Sep 1, 2024 | 17:17 pm
This Metasploit module exploits a directory traversal vulnerability found in Bitweaver. When handling the overlay_type parameter, view_overlay.php fails to do any path checking/filtering, which can be abused to read any file outside the virtual directory.
-
WordPress WPS Hide Login Login Page Revealer
PHP Files ≈ Packet Storm Sep 1, 2024 | 17:13 pm
This Metasploit module exploits a bypass issue with WPS Hide Login versions less than or equal to 1.9. WPS Hide Login is used to make a new secret path to the login page; however, a GET request to /wp-admin/options.php with[…]
-
Chinese Caidao Backdoor Bruteforce
PHP Files ≈ Packet Storm Sep 1, 2024 | 16:46 pm
This Metasploit module attempts to bruteforce the Chinese Caidao asp/php/aspx backdoor.
-
WordPress ChopSlider3 Id SQL Injection Scanner
PHP Files ≈ Packet Storm Sep 1, 2024 | 16:45 pm
The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind SQL injection in the id parameter of the get_script/index.php page. The injection is passed through GET parameters, and thus must be encoded, and magic_quotes is applied[…]
-
WordPress LearnPress Current_items Authenticated SQL Injection
PHP Files ≈ Packet Storm Sep 1, 2024 | 16:21 pm
LearnPress, a learning management plugin for WordPress, prior to 3.2.6.8 is affected by an authenticated SQL injection via the current_items parameter of the post-new.php page.
-
WebPageTest Directory Traversal
PHP Files ≈ Packet Storm Sep 1, 2024 | 16:05 pm
This Metasploit module exploits a directory traversal vulnerability found in WebPageTest. Due to the way the gettext.php script handles the file parameter, it is possible to read a file outside the www directory.
-
WordPress Total Upkeep Unauthenticated Backup Downloader
PHP Files ≈ Packet Storm Sep 1, 2024 | 15:58 pm
This Metasploit module exploits an unauthenticated database backup vulnerability in WordPress plugin Boldgrid-Backup also known as Total Upkeep version < 1.14.10. First, env-info.php is read to get server information. Next, restore-info.json is read to retrieve the last backup file. That[…]
-
TYPO3 News Module SQL Injection
PHP Files ≈ Packet Storm Aug 31, 2024 | 22:04 pm
This Metasploit module exploits a SQL injection vulnerability in TYPO3 NewsController.php in the news module 5.3.2 and earlier. It allows an unauthenticated user to execute arbitrary SQL commands via vectors involving overwriteDemand and OrderByAllowed. The SQL injection can be used[…]