Karenderia CMS 5.1 is vulnerable to Local File Inclusion (LFI). By manipulating the 'f' parameter, an attacker can include arbitrary files from the server, leading to unauthorized access to sensitive information.
This module exploits a vulnerability in Apache Tomcat's CGIServlet component. When the enableCmdLineArguments setting is set to true, a remote user can abuse this to execute system commands and gain remote code execution.
This module exploits a command injection in TimeMachine on macOS <= 10.14.3 in order to run a payload as root. The tmdiagnose binary on OSX <= 10.14.3 suffers from a command injection vulnerability that can be exploited by creating a specially crafted disk label. The tmdiagnose binary uses awk to list every mounted volume, and composes shell commands based on the volume labels. By creating a volume label with the backtick character, we can have our own binary executed with root privileges.
The vulnerability allows an attacker to pull user information from the database by exploiting a SQL injection vulnerability in the Ace Image Hosting Script. By sending a specially crafted request to the albums.php file, an attacker can retrieve user information, including username and password.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
FaceSentry suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' and 'strInPort' parameters (POST) in pingTest and tcpPortTest PHP scripts.
The vulnerability allows an attacker to see the admin user and MD5 password, which can be cracked.
An attacker can obtain the target's information by visiting the URL http://[target]/[flat_php_board_path]/users/[target_username].php. The information exposed includes the target's username, password, and email. Additionally, when registering a new account, Flat PHP Board does not correctly filter the fields (Username, Password, Email), allowing an attacker to execute malicious code on the vulnerable server. The attacker can exploit this by accessing the URL http://[target]/[flat_php_board_path]/31337.php.
This module exploits a vulnerability within the 'ghelp', 'help' and 'man' URI handlers within Linux Mint's 'ubuntu-system-adjustments' package. Invoking any one of the URI handlers will call the Python script '/usr/local/bin/yelp' with the contents of the supplied URI handler as its argument. The script will then search for the strings 'gnome-help' or 'ubuntu-help', and if it doesn't find either of them it will execute os.system('/usr/bin/yelp %s' % args). User interaction is required to exploit this vulnerability.
This vulnerability allows an attacker to disclose files on the target system by exploiting the download_file.php script in PolDoc CMS version 0.96. By manipulating the 'filename' parameter in the URL, an attacker can traverse directories and access sensitive files, such as the /etc/passwd file.