header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation

This module exploits a command injection in TimeMachine on macOS <= 10.14.3 in order to run a payload as root. The tmdiagnose binary on OSX <= 10.14.3 suffers from a command injection vulnerability that can be exploited by creating a specially crafted disk label. The tmdiagnose binary uses awk to list every mounted volume, and composes shell commands based on the volume labels. By creating a volume label with the backtick character, we can have our own binary executed with root privileges.

Ace Image Hosting Script SQL Injection Vulnerability

The vulnerability allows an attacker to pull user's information from the database by exploiting a SQL injection vulnerability in the Ace Image Hosting Script. By sending a specially crafted request to the albums.php file, an attacker can retrieve user's information including their username and password.

FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

FaceSentry Access Control System 6.4.8 Remote Command Injection

FaceSentry suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' and 'strInPort' parameters (POST) in pingTest and tcpPortTest PHP scripts.

Flat PHP Board <= 1.2 Multiple Vulnerabilities

An attacker can obtain the target's information by visiting the URL http://[target]/[flat_php_board_path]/users/[target_username].php. The information exposed includes the target's username, password, and email. Additionally, when registering a new account, Flat PHP Board does not correctly filter the fields (Username, Password, Email), allowing an attacker to execute malicious code on the vulnerable server. The attacker can exploit this by accessing the URL http://[target]/[flat_php_board_path]/31337.php.

Linux Mint ‘yelp’ URI handler command injection vulnerability

This module exploits a vulnerability within the 'ghelp', 'help' and 'man' URI handlers within Linux Mint's 'ubuntu-system-adjustments' package. Invoking any one the URI handlers will call the python script '/usr/local/bin/yelp' with the contents of the supplied URI handler as its argument. The script will then search for the strings 'gnome-help' or 'ubuntu-help' and if doesn't find either of them it'll then execute os.system('/usr/bin/yelp %s' % args). User interaction is required to exploit this vulnerability.

PolDoc CMS 0.96 (download_file.php filename) Remote File Disclosure Vulnerability

This vulnerability allows an attacker to disclose files on the target system by exploiting the download_file.php script in PolDoc CMS version 0.96. By manipulating the 'filename' parameter in the URL, an attacker can traverse directories and access sensitive files, such as the /etc/passwd file.

Recent Exploits: