Zabbix Server is a network management system application designed to monitor and track the status of various network services, servers, and other network hardware. Multiple vulnerabilities were discovered in Zabbix Server, including remote command execution, remote SQL execution, and remote DoS (NULL deref). The faulty source code for each vulnerability was identified and patched versions were released. The changelog entries for each vulnerability are also provided.
A vulnerability exists in NAS Uploader versions 1.0 and 1.5, which allows an attacker to upload a malicious file to the server. The attacker can go to the target website's upload_multiple_js.php page, click on the 'Parcourir' button, and upload a shell file in the form of 'shell.php.rar'. The uploaded file can then be accessed at target.com/[path]/uploads/tests/shell.php.rar.
myPHPupload 0.5.1 is vulnerable to a remote file upload vulnerability. An attacker can upload a malicious file to the server by exploiting this vulnerability. The attacker can then access the uploaded file by visiting the directory where the file was uploaded.
A vulnerability exists in Max's AJAX File Uploader which allows an attacker to upload a malicious file to the server. The attacker can then access the uploaded file by providing the path to the file in the URL. The vulnerability is due to insufficient validation of the uploaded file type.
Signup in the forum by going to http://localhost/[script]/base.php?page=inscription.php, then going to your profile here http://localhost/[script]/base.php?page=compte.php&var=accueil and click 'modfier', upload your shell in 'php.jpg' format, do a right click in the icon situated in 'Apparence' then copy the link of your shell.
A vulnerability exists in [WS] upload, where an attacker can upload a malicious file to the server. The attacker can then access the malicious file by navigating to the file path. This vulnerability can be exploited by an attacker to gain access to the server.
Quartz Concept Content Manager V3.00 is vulnerable to an authentication bypass vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to bypass authentication and gain access to the application as an administrator.
This exploit is for RM Downloader 3.0.2.1, a software used to convert RM files to MP3. The vulnerability is a stack overflow which occurs when a specially crafted .M3U file is opened. The exploit code contains a jmp esp from RDcodec02.dll, followed by 256 bytes of NOPs, 8 bytes of NOPs, 100 bytes of NOPs, and a shellcode which executes calc.exe.
eoCMS version 0.9.03 is vulnerable to a Remote File Include vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary code on the server.
Ez Guestbook script version 1.0 suffers from multiple vulnerabilities, including a Cross Site Request Forgery vulnerability. An attacker can exploit this vulnerability by crafting a malicious form that changes the admin password and submitting it to the vulnerable application. Additionally, an attacker can exploit the vulnerability by sending a malicious request to the vulnerable application to delete a post by ID.