A vulnerability exists in the TinyMCE editor, included in the tiny browser plugin, which allows uploading files without authentication. This can be exploited to upload files with multiple extensions and execute arbitrary PHP code.
e107 CMS is vulnerable to a command injection in its installation script due to a lack of sanitization on the MySQL server parameter.
This module exploits a SQL injection vulnerability in Drupal. An attacker can send specially crafted data and execute arbitrary SQL commands, leading to remote code execution.
The BlogAPI module does not validate the extension of files uploaded through it, enabling users with the "administer content with blog api" permission to upload harmful files. This module uploads a Core Impact agent, creates a PHP file to execute the agent, and then makes a request to the file. The result is a Core Impact agent running on the web server.
This vulnerability abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.
This module exploits a vulnerability in bash when the vulnerable bash version is used to run a CGI page.
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
The SSL protocol, as used in Oracle Java, encrypts data by using CBC mode with chained initialization vectors. This weakness allows HTTP headers to be decrypted through a chosen-plaintext attack, thus obtaining browser cookies from the target system's browser corresponding to a given HTTPS server. The cookies could then be used by the user to perform a session hijacking attack. This module launches the attack against target systems. These systems must be running a browser with the vulnerable Java version for this exploit to work. This module is capable of retrieving the cookies stored in the browser for a specified target domain. The attack begins with an ARP spoofing attack. If this attack is successful, HTTP traffic from the target system will be intercepted and modified. An HTTP response will be modified so the target's browser loads a Java applet. This applet is then used to launch the chosen-plaintext attack. For this exploit to work, the cipher suite used by the SSL connection between the target system and the target domain must use CBC mode. This module only works when the target domain server isn't on the same local network as the target system. This exploit wasn't tested on target domains that resolve to more than one IP address. This module doesn't work when the target domain host is accessed by the target system through a proxy, or if the target domain server closes the SSL connections after every request. Note: The ARP attack will send packets with spoofed MAC addresses. The MAC address prefix can be controlled with a parameter. This value should be changed when the module is run against more than one target at the same time.
This module exploits a vulnerability in the Java Bridge component of Zend Server.