VMTurbo Operations Manager 4.6 and prior are vulnerable to unauthenticated OS Command injection in the web interface. Use reverse payloads for the most reliable results. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. Port binding payloads are disregarded due to the restrictive firewall settings. This Metasploit module has been tested successfully on VMTurbo Operations Manager versions 4.5 and 4.6.
0649ca7e973fb4b39c646f1c27813549f1cb5f0d02c263f2d2f7d20f3e123eb4Moodle CMS version 2.5.0-1 suffers from a cross site scripting vulnerability.
e3ac4ae54569cb79f99f56b55d391649ec34ad904958620a13e84eeeba37dd72Joomla versions 3.1.5 and 3.1.4 suffer from a reflective cross site scripting vulnerability in example.php.
505f805cbabe1c1344542d455a87ded89cd66960ecb7055c0c0e53332da1021dAlice Telecom Italia AGPF ADSL router suffers from multiple cross site request forgery vulnerabilities.
1959c188ad9ad6749c3e418fd4e2dcf8038fda109ae668d36b1177b35b37d4c0Weevely is a stealth PHP web shell that simulates a telnet-like connection. It is an essential tool for web application testing post exploitation, and can be used as a stealth backdoor web shell to manage legit web accounts, even free hosted ones. Is currently included in Backtrack and Backbox and other Linux distributions for penetration testing.
9ca1b6b62a4fcc57851e48e31b456e9ea711e0ef46b10cf39d3277547b450333Kusaba X versions 0.9.1 and below suffers from a cross site scripting vulnerability and a cross site request forgery vulnerability that allows for arbitrary SQL statement execution.
64e2bd26377186de93fea5e171b4925473cc45a08142ff4fd3e932681827e225
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed