Explore all Exploits:

Symphony CMS Session Fixation

Symphony CMS is prone to session fixation, which allows attackers to preset a user's PHPSESSID session identifier. If the application is deployed using an insecure setup in which the php.ini setting "session.use_only_cookies" is not enabled, attackers can send victims a link to the vulnerable application with the "PHPSESSID" already initialized, because Symphony does not call "session_regenerate_id()" upon successful user authentication. Because Symphony's session ID is not regenerated, an arbitrary session ID can be 'fixated' to a user. If that user authenticates using the attacker-supplied link, the attacker can access the affected application from a different computer or browser with the same level of access as the victim. The default cookie lifetime for Symphony CMS is up to two weeks.

Roxy Fileman <= 1.4.4 Forbidden File Upload Vulnerability

The Roxy File Manager has a configuration setting named FORBIDDEN_UPLOADS, which keeps a list of forbidden file extensions that the application will not allow to be uploaded. This setting is also checked when renaming an existing file to a new file extension. It is possible to bypass this check and rename already uploaded files to any extension by using the move function, as this function does not perform any checks.

ATCOM PBX system, auth bypass exploit

The ATCOM PBX system is affected by an authentication bypass vulnerability that allows an attacker to gain admin access without prior authentication. The vulnerability exists in the 'js/util.js' file, where the security check relies on the presence of a 'username' value in the cookies. If the value is not present, the user is redirected to the login page. By manipulating the cookies and setting 'username=admin', an attacker can bypass the authentication and gain admin access.

Apache mod rewrite exploit (win32)

This exploit allows an attacker to execute arbitrary code on a target system running Apache with mod_rewrite. It creates a bind shell on port 4445. The exploit has been tested on Apache 2.0.58 with mod_rewrite on Windows 2003. The original exploit had a callback on 192.168.0.1 and was buggy, so the shellcode was rewritten using Metasploit.

Bomgar Remote Support Unauthenticated Code Execution

This module exploits a vulnerability in Bomgar Remote Support, which deserializes user-provided data using PHP's `unserialize` method. By providing a specially crafted PHP serialized object, it is possible to write arbitrary data to arbitrary files. This effectively allows the execution of arbitrary PHP code in the context of the Bomgar Remote Support system user. To exploit the vulnerability, a valid Logging Session ID (LSID) is required. It consists of four key-value pairs (i.e., 'h=[...];l=[...];m=[...];t=[...]'). Versions before 15.1.1 are reported to be vulnerable.

Recent Exploits: