This module allows the user to run commands on the server with teacher user privileges. The 'Upload files' section of the 'File Manager' contains an arbitrary file upload vulnerability. The '$IllegalExtensions' control has weaknesses and shortcomings. The illegal extensions are listed in 'constants.inc.php' (exe|asp|php|php3|php5|cgi|bat...). However, the control does not account for letter case, so it can be bypassed with filenames ending in '.phP' or '.Php'. Dangerous extensions such as 'shtml' and 'phtml' can also be used. The directory path for the 'content' folder is set in 'config.inc.php'. For the exploit to work, the content folder set by 'define ('AT_CONTENT_DIR', 'address')' must be located in the web home directory, or its address must be known. This exploit creates a course as the teacher user and uploads the malicious PHP file to the server.
The FTP Shell Server 6.83 'Account name to ban' feature is vulnerable to a buffer overflow attack. By providing a specially crafted account name, an attacker can trigger the overflow and execute arbitrary code. This exploit was created to demonstrate the vulnerability during intern training in 2019.
This exploit allows an attacker to execute arbitrary commands on the target system without authentication. It takes advantage of a vulnerability in Dell KACE Systems Management Appliance (K1000) version 6.4.120756 and earlier.
The wpQuiz 2.7 script is vulnerable to a remote SQL injection attack. The vulnerability can be exploited through the viewimage.php file by using a specially crafted SQL query. By injecting SQL code, an attacker can bypass authentication and retrieve sensitive information from the database, such as usernames and passwords.
This exploit allows an attacker to bypass authentication in QNAP Netatalk before version 3.1.12. It overwrites the commands pointer with the base of the preauth_switch.
The plugin's primary goal is to limit the rate at which an individual can attempt to authenticate with WordPress. The plugin supports the HTTP headers X_FORWARDED_FOR and X_SUCURI_CLIENTIP to allow rate limiting for users when web servers are behind a reverse proxy service. However, REMOTE_ADDR is not verified as a whitelisted proxy address, which allows an attacker to easily forge either the X_FORWARDED_FOR or X_SUCURI_CLIENTIP header and completely bypass the rate limiting service.
This exploit takes advantage of a buffer overflow vulnerability in the activation code of River Past Cam Do 3.7.6. By generating a malicious activation code and pasting it into the application, an attacker can execute arbitrary code, such as launching the calculator (calc.exe) in this example.
This exploit allows an attacker to remotely disclose the source code of a PHP-Nuke NSN Script Depository module version 1.0.0 or below. By providing the target URL and the file path, the exploit generates a form that triggers the disclosure of the specified file.
This vulnerability allows an attacker to inject HTML code into a website, which can lead to various attacks such as cross-site scripting (XSS). The vulnerability can be exploited by manipulating the 'log', 'name', or 'data' parameters in the affected URLs. An example payload for this exploit is '<h1>HTML Injection</h1>'.
The download module does not correctly check the file parameter, allowing for directory traversal and the ability to download all files hosted in the target web space.