Helper is an enumerator written in PHP that helps identify directories on webservers that could be targets for things like cross site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.
d393a8fbc83a7853129734872e32346a0060fce6cc2859479ba80540d7ca06afTerraMaster TOS version 4.2.29 suffers from a remote code injection vulnerability leveraging a local file inclusion vulnerability.
47788fafaa57a0578fe61fae3aba9174fdcd4e9caddb1374b93de92e53260e4aSample Blog Site version 1.0 suffers from cross site scripting and remote file inclusion vulnerabilities.
9eb4f98f6b5aa7c6a2b152f6a928201fce3e01efc03aed42ffeb58be9416ad69Seo Panel version 4.10.0 suffers from a remote file inclusion vulnerability.
2fdf761dbcf0a177ff1181fce94ad134d7bd768b3f71e66a322977609630415fSample Blog Site version 1.0 suffers from a remote file inclusion vulnerability.
4f6ee68a6c536fed1167da6a84c5b39fb5d6773e2ab01a72d0112f0d091435a9Proof of concept python3 code that creates a malicious payload to exploit an arbitrary file write via directory traversal in Invesalius version 3.1. In particular the exploitation steps of this vulnerability involve the use of a specifically crafted .inv3 (a custom extension for InVesalius) that is indeed a tar file file which, once imported inside the victim's client application allows an attacker to write files and folders on the disk.
3e2115a5ac5563793a0f2c821d2286084e05076d87ec7793c02b372c65ca4475BlackNET version 3.7.0.0 appears to allow unauthenticated access to modify data and suffers from arbitrary file deletion and directory traversal vulnerabilities while authenticated.
6e54154264109ce0380fee45cc8dba495239a6e22843e4f8d07ddd298e5af855Online Survey System version 1.0 suffers from cross site scripting and remote file inclusion vulnerabilities.
0573d4aa4fad74ba21dfae8c95d8a0ef8922ce6bbbf5c65fcd1a8b98424e3d9eOnline Survey System version 1.0 suffers from a remote file inclusion vulnerability.
9ac49e540003cc98bbab6ed47333ffe2f4616bc3a383f48fe3a342e9a7dd83ccThis Metasploit module exploits an Apache Axis2 v1.4.1 local file inclusion (LFI) vulnerability. By loading a local XML file which contains a cleartext username and password, attackers can trivially recover authentication credentials to Axis services.
50104ff91cd322fe465188779cfaa98819e42e8898505fa53d0efc5a47d67e68This Metasploit module exploits an unauthenticated remote file inclusion which exists in Supra Smart Cloud TV. The media control for the device doesnt have any session management or authentication. Leveraging this, an attacker on the local network can send a crafted request to broadcast a fake video.
4f628334a1d4a905d86ed3e418a091bc45e99144a8e83f1ac6d4d534bdfe0adfRay versions prior to 2.8.1 are vulnerable to a local file inclusion vulnerability.
bd052a339883d4fb2b7584d0b637a7cf11576c8925a84f832d496feb70c87effThis Metasploit module exploits a local file inclusion in QNAP QTS and Photo Station that allows an unauthenticated attacker to download files from the QNAP filesystem. Because the HTTP server runs as root, it is possible to access sensitive files, such as SSH private keys and password hashes. This Metasploit module has been tested on QTS 4.3.3 (unknown Photo Station version) and QTS 4.3.6 with Photo Station 5.7.9.
70107b0adbe195b76131c10cdea4a24c8ea076a3a1b93c6596908a86f7bcd91aWebpay E-Commerce version 1.0 suffers from a directory traversal vulnerability.
95d09ce8c5598b697d3b00aaac726a002f69525139a53abe89bf0d0c71fcfd96Laundry Management System version 1.0 suffers from a remote file inclusion vulnerability.
8fab3cbba3b63d49ce3f1398516dff725855194afb4b9b834d890bf1ab8dff45miniProxy version 1.0.0 suffers from a remote file inclusion vulnerability.
047d93955456ff76bf4deec8dd78b76d6fa4d853a8417d1dc141f9097b959a9bLoan Management System version 1.0 suffers from a remote file inclusion vulnerability.
2f2cc5727791f8bddc23fe859702870ea920208518f2390ce07b09959a99f153FlatPress version 1.3.1 suffers from a path traversal vulnerability.
93132facf1686cadc1ae8f70b92c43ad1314fd717d542ca0f3d2460a2af23e80Farmacia Gama version 1.0 suffers from a file inclusion vulnerability.
da80354c20c11213cf9464c89b3c9342e5d18753a59bd94e104156db88b776d5Red Hat Security Advisory 2024-5102-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution, double free, memory leak, null pointer, remote file inclusion, and use-after-free vulnerabilities.
271ebfd79d65d0fd7f0eaf5bfbcc5f0749c2bb655bb3ab858b0da3d97429fe08This is a path traversal vulnerability that impacts the CreateIndexHandler and DeleteIndexHandler found within Bleve search library. These vulnerabilities enable the attacker to delete any directory owned by the user recursively, and create a new directory in any location which the server has write permissions to. This is Google's proof of concept exploit.
fa85d4f73ca7779ddd8389e832e0e1c1e86090421d04d1696926164a39351fbfE-Commerce Site using PHP PDO version 1.0 suffers from a directory traversal vulnerability.
dc27958888a7f9ea33c2b82b09c46ed99740992adc97c22cbcb4c4b71184b5d1Devika version 1 suffers from a path traversal vulnerability.
a1faa88d45aec3e4e47f6aaf83509670b4fb84ce15462308d2e7daa8d66d754cPerten Instruments Process Plus Software versions 1.11.6507.0 and below suffer from local file inclusion, hardcoded credential, and execution with unnecessary privilege vulnerabilities.
92c6be9a95dec36f75c305fd1ec54275736478e25459c036cab67f945826b0f2308 different models of Sharp Multi-Function Printers (MFP) are vulnerable to 18 different vulnerabilities including remote code execution, local file inclusion, credential disclosure, and more.
b34130e7b38cd2d4de974b3c5bbaf20487c4ecc369b0ca9066b9c81dd1667a8e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed