header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

ViArt CMS 3.3.2 Remote File Include

The ViArt CMS 3.3.2 version is vulnerable to remote file inclusion. The vulnerability exists in the 'block_site_map.php' file, where it fails to properly validate user-supplied input before including a file. An attacker can exploit this vulnerability by sending a specially crafted request with a malicious URL to execute arbitrary code on the target system.

PostgreSQL COPY FROM PROGRAM Command Execution

Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pg_execute_server_program' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a new table, then execute system commands in the context of copying the command output into the table. This module should work on all Postgres systems running version 9.3 and above. For Linux & OSX systems, target 1 is used with cmd payloads such as: cmd/unix/reverse_perl. For Windows Systems, target 2 is used with powershell payloads such as: cmd/windows/powershell_reverse_tcp. Alternatively target 3 can be used to execute generic commands, such as a web_delivery meterpreter powershell payload or other customized command.

Moodle 3.6.3 – ‘Install Plugin’ Remote Command Execution

This module exploits a command execution vulnerability in Moodle 3.6.3. An attacker can upload malicious file using the plugin installation area. Plugins must be hosted accommodate "version.php" and "theme_{plugin name}.php" files. After routine check, the moodle will accept the appropriate plugin file. Plugin control can be bypassed and malicious code can be placed in the files contained in the plugin. The module receives a shell session from the server by placing malicious code in the language file. You must have an admin account to exploit this vulnerability.

Project Alumni 1.0.9 Remote File Disclosure Vulnerability

The vulnerability allows an attacker to disclose files on the server by manipulating the 'act' parameter in the URL. By using directory traversal techniques, the attacker can access sensitive files, such as the /etc/passwd file. The exploit URL is: http://victim/path/index.php?act=../../../../../../etc/passwd%00

Low Privilege File Hijack Vulnerability

This vulnerability allows low privileged users to hijack files owned by NT AUTHORITYSYSTEM by overwriting permissions on the targeted file. Successful exploitation results in "Full Control" permissions for the low privileged user. The exploit involves checking if the targeted file exists, killing Microsoft Edge to access the settings.dat file, deleting the settings.dat file to create a hardlink to the targeted file, and triggering the vulnerability by restarting Microsoft Edge. Finally, a check is performed to verify that the current user has "Full Control" permissions.

project-alumni sql injection & xss

The project-alumni software version 1.0.9, 1.0.8, or lower is affected by a sql injection vulnerability. The vulnerability exists due to bad filtering in the 'view.page.inc.php' and 'news.page.inc.php' files. An attacker can exploit this vulnerability by injecting malicious SQL queries through the 'year' parameter, which can lead to unauthorized access to the database. Another vulnerability is an xss vulnerability in the '/xml/index.php' file, which can be exploited by injecting malicious scripts through the 'year' parameter.

Liferay CE Portal Tomcat < 7.1.2 ga3 - Groovy-Console Remote Command Execution

This module uses the Liferay CE Portal Groovy script console to execute OS commands. The Groovy script can execute commands on the system via a [command].execute() call. Valid credentials for an application administrator user account are required. This module has been tested successfully with Liferay CE Portal Tomcat 7.1.2 ga3 on Debian 4.9.18-1kali1 system.

Recent Exploits: