This Metasploit module exploits an authentication bypass vulnerability in Pandora version 3.1 as disclosed by Juan Galiana Lara. It also integrates with the built-in Pandora upload, which allows a user to upload arbitrary files to the '/images/' directory. This Metasploit module was created as an exercise in the Metasploit Mastery Class at Blackhat that was facilitated by egypt and mubix.
a4ce59d4dd94c27dbf57cc0669eb39781c82929e9cbc36e77d98b4f23bc377e0
Pandora FMS versions 3.1 and below suffer from authentication bypass, OS command injection, remote SQL injection, remote file inclusion and path traversal vulnerabilities.
1eb36c171f92f828e83d06f5a34529baec96147738184d46632dac589bd844f1
Facebook suffered from a cross site request forgery vulnerability.
7c06005a85f096900d92826ed406c9ce0ea87835034029bd142b1096a149b394
The mobile interface of the Facebook social network was affected by a cross site scripting vulnerability.
c7302bf39fcec502bd13d11cc9209826ade631c914ff3a356949aa5373e146f7
PHP-Calendar version 1.1 suffers from remote and local file inclusion vulnerabilities.
840e9b68fad40237db6a10b3a2a2bd615d1946cf2a3593cf203fb666b3defe61
Simple PHP Blog versions 0.5.1 and below suffer from a local file inclusion vulnerability.
f5a9b9510f60ced60ff8af1994505f1deab20f0e09d6fa4a736113387fd97849
QuiXplorer versions 2.4.1beta suffer from a remote code execution vulnerability due to being susceptible to local file inclusion and directory traversal issues.
a3afd7e0520ee57c295c801fdb5fbffbe8ff9efc2f0571f48aac4570e60b32da
Horde version 3.3.5 suffers from a cross site scripting vulnerability.
1627efc1a062f84d9d9c5667d6a97f0f55081228b23f76fefb6717a55faaf8a5
WP-Forum versions 2.3 and below suffer from remote SQL and blind SQL injection vulnerabilities.
31f97870491f4ea10af9fad39bc83efefe0cf49b6221c2519edecd8b21367977
WordPress MU versions 1.2.2 through 1.3.1 wp-includes/wpmu-functions.php suffers from a cross site scripting vulnerability.
04732f8d93fe0ce601091242ec0471c3a3dc3936c54d2536bb4d0ffd27437709
Joomla! versions prior to 1.5.12 suffer from multiple cross site scripting vulnerabilities in relation to HTTP headers.
96382c9357b98c1fc2422f787e84ed89ac09e327397897640df4b58e69043ea1
Joomla! version 1.5.10 suffers from multiple persistent cross site scripting vulnerabilities in the JA_Purity template.
f87cd7f78030d051ed0a2a71a6dc7ed4b7afdec1b0f6c27bca123a0dc5f7087f
ModSecurity versions prior to 2.5.9 are vulnerable to a remote denial of service vulnerability.
8773bf44208c8558e5fc2d15ae1be757d30697c1928ff4fefbf8e5dcf130a0f1
WordPress MU versions below 2.7 suffer from a Host HTTP header cross site scripting vulnerability.
4113cda2b941db88f0101e9657393b355c6a879ccc46d2953d89e73cafc8d026
The eXtplorer file management component for Joomla! and Mambo suffers from a local file inclusion vulnerability that allows for remote code execution. Versions below 2.0.0 are vulnerable.
0c8be37f45dd7716c3e21eb52f60bdef7051a84c86dec14021ede81924f79d5b
WordPress MU versions below 2.6 suffer from a cross site scripting vulnerability in wpmu-blogs.php.
d01df92f8463db0d7b80d62d8d9f582c1da47c5dec6ed4787fcc220dd29a1b05
This is a patch for THC Hydra that fixes a status code parsing error for the HTTP protocol.
9f8bbdd611cf293292e197b96cc9bc52d77927cf395d6b5e00bc56cdf3233cc4
FAQMasterFlexPlus suffers from cross site scripting and SQL injection vulnerabilities.
d15bc96986c91951c4905a25dcdfa25651961bb2671251caa8477328798c98d2
OpenBiblio versions 0.5.2-pre4 and below suffer from multiple vulnerabilities including local file inclusion, SQL injection, and cross site scripting.
67dd9f532ea1edb5529740b43cee83aeb7b4260ff981ff5913d1e2b1a9c20998