| Country | Number |
|---|---|
| United States | 16531 |
| China | 7387 |
| Ukraine | 6044 |
| Germany | 5861 |
| Poland | 5339 |
| Russia | 4152 |
| Czechia | 2831 |
| Hungary | 2813 |
| France | 2221 |
| Moldova | 2020 |
| Port | Number |
|---|---|
| 80 | 59263 |
| 23 | 55827 |
| 6881 | 47079 |
| 8080 | 16264 |
| 25 | 8943 |
| 21 | 6597 |
| 443 | 6301 |
| 110 | 3773 |
| 2323 | 3637 |
| 88 | 3 |
curl -X 'GET' -k 'https://ip_lookup.webloft.co.uk/api/ipr/{IP_ADDRESS}' -H 'accept: application/json' -H 'API_KEY: {API_KEY}'
{
"ip": "123.123.123.123",*
"hostname": "No-HostName",
"continent_code": "EU",
"continent_name": "Europe",
"country_code": "NL",
"country_name": "Europe",
"region_code": "NH",
"region_name": "North Holland",
"city": "Diemen",
"zip": "1101",
"latitude": 52.349998,**
"longitude": 4.916999,**
"first_seen": "09/03/2023 22:36:56",
"last_seen": "20/04/2023 05:10:25",
"urlThreatDescriptions": [
"Apache Solr 8.2.0 - Remote Code Execution - [CVE-2019-17558]",
"Directory Index Scan",
"inurl:?XDEBUG_SESSION_START=phpstorm",
"Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit) - [CVE-2019-1003000]",
"Spring Cloud Gateway 3.1.0 - Remote Code Execution (RCE) - [CVE-2022-22947]",
"ThinkPHP 5.X - Remote Command Execution",
"Util/PHP/eval-stdin - [CVE-2017-9841]"
],
"security": {
"is_proxy": true,
"proxy_type": open,
"is_crawler": false,
"crawler_name": null,
"crawler_type": null,
"is_tor": false,
"threat_level": "Medium"
},
"portScans": [
{
"port": 8080,
"number": 170
},
{
"port": 443,
"number": 147
},
{
"port": 80,
"number": 166
}
]
}
| Exploit | Exploit Information | CVE |
|---|---|---|
| TP-Link Archer AX21 (AX1800) firmware versions before 1 | TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. | CVE-2023-1389 |
| PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated) | # Exploit Title: PHP Unit 4.8.28 - Remote Code Execution (RCE) (Unauthenticated) # Date: 2022/01/30 # Exploit Author: souzo # Vendor Homepage: phpunit.de # Version: 4.8.28 # Tested on: Unit # CVE : CVE-2017-9841 import requests from sys import argv phpfiles = ["/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php", "/laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin. | CVE-2017-9841 |
| Util/PHP/eval-stdin | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. | CVE-2017-9841 |
| vendor/elfinder/php/connector | vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | CVE-2020-35235 |
| elFinder before 2 | elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. | CVE-2019-9194 |
| elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit) | ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, 'Name' => 'elFinder PHP Connector exiftran Command Injection', 'Description' => %q{ This module exploits a command inje | CVE-2019-9194 |
| Responsive FileManager < 9.13.4 - Directory Traversal | The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com #1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET /filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../etc/passwd HTTP/1.1 Host: 192.168.5.129 User-Agent: Mozilla/5.0 (Windows | CVE-2018-15536 |
| A path traversal vulnerability in the file upload functionality in tinyfilemanager | A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. | CVE-2021-45010 |
| An issue was discovered in ownCloud owncloud/graphapi 0 | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure. | CVE-2023-49103 |
| Directory traversal vulnerability in page | Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root. | CVE-2010-3490 |
| Joomla! 1 | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. | CVE-2015-8562 |
| Telerik | Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | CVE-2017-9248 |
| Telerik UI for ASP.NET AJAX 2012.3.1308 < 2017.1.118 - Encryption Keys Disclosure | # Exploit Title: Telerik UI for ASP.NET AJAX DialogHandler Dialog cracker # Filename: dp_crypto.py # Github: https://github.com/bao7uo/dp_crypto # Date: 2018-01-23 # Exploit Author: Paul Taylor / Foregenix Ltd # Website: http://www.foregenix.com/blog # Version: Telerik UI for ASP.NET AJAX # CVE: CVE-2017-9248 # Vendor Advisory: https://www.telerik.com/support/kb/aspnet-ajax/details/cryptographic-weakness # Tested on: Working on versions 2012.3.1308 thru 2017.1.118 (.NET 35, 40, 45) #!/usr/bi | CVE-2017-9248 |
| VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection | VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution. | CVE-2022-22954 |
| A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | CVE-2022-22965 |
| An issue in Tecrail Responsive FileManager v9 | An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | CVE-2022-46604 |
| An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices | An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions. | CVE-2017-5521 |
| Apache 0.8.x/1.0.x / NCSA HTTPd 1.x - 'test-cgi' Directory Listing | source: https://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an "ECHO" command in quotes, and as a result "shell expansion" of the * character can occur under some configurations. This allows a remote attacker to obtain file listings, by passing *, /*, /usr/* etc., as variables. The ECHO command expands the * to give a directory listing of the specified directory. This cou | CVE-1999-0070 |
| Credentials for Zivif PR115-204-P-RS V2 | Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages. | CVE-2017-17106 |
| Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2 | Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php. | CVE-2015-1424 |
| Gecko CMS 2.3 - Multiple Vulnerabilities | Gecko CMS 2.3 Multiple Vulnerabilities Vendor: JAKWEB Product web page: http://www.cmsgecko.com Affected version: 2.3 and 2.2 Summary: Gecko CMS is the way to go, forget complicated, bloated and slow content management systems, Gecko CMS has been build to be intuitive, easy to use, extendable to almost anything, running on all standard web hosting (PHP and one MySQL database, Apache is a plus), browser compatibility and fast, super fast! Desc: Gecko CMS suffers from multiple vulnerabilities | CVE-2022-30529 |
| In Pulse Secure Pulse Connect Secure (PCS) 8 | In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . | CVE-2019-11510 |
| In spring cloud gateway versions prior to 3 | In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host. | CVE-2022-22947 |
| mailboxd component in Synacor Zimbra Collaboration Suite 8 | mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | CVE-2019-9670 |
| Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1 | Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. | CVE-2011-5148 |
| OpenEMR 4.1.1 - 'ofc_upload_image.php' Arbitrary File Upload | <?php /* OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability Vendor: OpenEMR Product web page: http://www.open-emr.org Affected version: 4.1.1 Summary: OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. Desc: The vulnerability is caused due to the improper verification of uploaded files in '/library/openflashchart/php-ofc-library/ofc_upload_image.ph | CVE-90222, CVE-2011-4275, CVE-2009-4140, CVE-59051 |
| Privilege escalation in PHP-Fusion 9 | Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). | CVE-2020-24949 |
| Responsive FileManager 9.9.5 - Remote Code Execution (RCE) | # Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution (RCE) # Date: 02-Feb-2023 # Exploit Author: Galoget Latorre (@galoget) # Vendor Homepage: https://responsivefilemanager.com # Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsive_filemanager.zip # Dockerfile: https://github.com/galoget/ResponsiveFileManager-CVE-2022-46604 # Version: 9.9.5 # Language: Python 3.x # Tested on: # - Ubuntu 22.04.5 LTS 64-bit # - Debian GNU/Linux 10 (b | CVE-2022-46604 |
| sapi/cgi/cgi_main | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. | CVE-2012-2336 |
| WebKit in Apple Safari 4 | WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. | CVE-2010-1807 |
| Wordpress before 2 | Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/. | CVE-2009-2853 |
| Pre-auth RCE in Apache Ofbiz 18 | Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 | CVE-2023-49070 |
| A cross-site scripting (XSS) vulnerability in upload | A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter. | CVE-2019-14315 |
| A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5 | A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | CVE-2022-30525 |
| A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: * All versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S7; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1-S1, 23.2R2. | CVE-2023-36845 |
| A reflected XSS issue exists in the Management Console of several WSO2 products | A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. | CVE-2022-29548 |
| A vulnerability was found in Campcodes Online Traffic Offense Management System 1 | A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Login.php. The manipulation of the argument password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226051. | CVE-2023-2073 |
| A vulnerability was found in hansunCMS 1 | A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability. | CVE-2023-2245 |
| Adobe Commerce versions 2 | Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. | CVE-2022-24086 |
| An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station | An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later | CVE-2022-27593 |
| An issue was discovered in Chadha PHPKB 9 | An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. | CVE-2020-11579 |
| An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10 | An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. | CVE-2019-19781 |
| An issue was discovered in Joomla! 4 | An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | CVE-2023-23752 |
| An issue was discovered in Joomla! before 3 | An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. | CVE-2019-10945 |
| An issue was discovered in Shirne CMS 1 | An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php | CVE-2022-37299 |
| Application/Admin/Controller/ConfigController | Application/Admin/Controller/ConfigController.class.php in 74cms v5.0.1 allows remote attackers to execute arbitrary PHP code via the index.php?m=Admin&c=config&a=edit site_domain parameter. | CVE-2019-10684 |
| Before version 4 | Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | CVE-2017-14725 |
| C99Shell (Web Shell) - 'c99.php' Authentication Bypass | # Exploit Title: C99 Shell Authentication Bypass via Backdoor # Google Dork: inurl:c99.php # Date: June 23, 2014 # Exploit Author: mandatory ( Matthew Bryant ) # Vendor Homepage: http://ccteam.ru/ # Software Link: https://www.google.com/ # Version: < 1.00 beta # Tested on:Linux # CVE: N/A All C99.php shells are backdoored. To bypass authentication add "?c99shcook[login]=0" to the URL. e.g. http://127.0.0.1/c99.php?c99shcook[login]=0 The backdoor: @extract($_REQUEST["c99shcook"]); Which byp | CVE-108979 |
| cgi-bin/admin | cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. | CVE-2012-2626 |
| cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences | cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences. | CVE-2009-0680 |
| Citrix Workspace App before 1904 for Windows has Incorrect Access Control | Citrix Workspace App before 1904 for Windows has Incorrect Access Control. | CVE-2019-11634 |
| ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) | # Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability # Date: 2018-11-11 # Exploit Author: Ameer Pornillos # Website: http://ethicalhackers.club # Vendor Homepage: http://www.clippercms.com/ # Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper_1.3.3 # Version: 1.3.3 # Tested on: Windows 10 x64 (XAMPP, Firefox) # CVE : CVE-2018-19135 * Description: ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload which is being used by default. This | CVE-2018-19135 |
| CMSimple 3.1 - Local File Inclusion / Arbitrary File Upload | <pre> # # CMSimple 3.1 Local File Inclusion / Arbitrary File Upload # download: http://www.cmsimple.org/?Downloads # dork: "Powered by CMSimple" # # author: irk4z@yahoo.pl # homepage: http://irk4z.wordpress.com # Local File Inclusion : http://[host]/[path]/index.php?sl=[file]%00 http://[host]/[path]/index.php?sl=../../../../../../../etc/passwd%00 Arbitrary File Upload (into http://[host]/[path]/downloads/ ): </pre> <form method="POST" enctype="multipart/form-data" action="http://[host]/[p | CVE-2008-2650 |
| Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities | source: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. http://www.example.co | CVE-2005-3285, CVE-20032 |
| comment_delete_cgi | comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter. | CVE-2005-2787 |
| Cross-site scripting (XSS) vulnerability in WordPress before 2 | Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVE-2008-3233 |
| dayrui FineCms 5 | dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character. | CVE-2017-11581 |
| Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4 | Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries. | CVE-2013-6397 |
| D-Link DNS-320 FW v2 | D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | CVE-2020-25506 |
| elFinder is an open-source file manager for web, written in JavaScript using jQuery UI | elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication. | CVE-2021-32682 |
| EmpireCMS v7 | EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. | CVE-2018-18086 |
| Freepbx < 2.11.1.5 - Remote Code Execution | Exploit Title: Freepbx coockie recordings injection Google Dork: Ask Santa Date: 23/12/2016 Exploit Author: inj3ctor3 Vendor Homepage: https://www.freepbx.org/ Software Link: ISO LINKS IN SITE https://www.freepbx.org/ Version: ALL && unpatched/ (Trixbox/freepbx/elastix/pbxinflash/) Tested on: Centos 6 CVE : CVE-2014-7235 1. Description a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy “FreePBX ARI Framework module/Asterisk Recording Interface (ARI)” | CVE-2014-7235 |
| FreePBX 2.8.0 - Recordings Interface Allows Remote Code Execution | Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX (http://www.freepbx.org/) Product: FreePBX and VOIP solutions (AsteriskNOW, TrixBox, etc) using it Version(s) affected: 2.8.0 and below Product Description: FreePBX is an easy to use GUI (graphical user interface) that controls and manages Asterisk, the world's most | CVE-2010-3490, CVE-68240 |
| In PHP Proxy 3 | In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. | CVE-2018-19458 |
| In WordPress through 4 | In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times. | CVE-2018-6389 |
| IPS Community Suite 4.1.12.3 - PHP Code Injection | --------------------------------------------------------------------------- IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability --------------------------------------------------------------------------- [-] Software Link: https://invisionpower.com/ [-] Affected Versions: Version 4.1.12.3 and prior versions. [-] Vulnerability Description: The vulnerable code is located in the /applications/core/modules/front/system/content.php script: 38. $class = 'IPS' . implod | CVE-2016-6174 |
| Joomla! Component com_civicrm 4.2.2 - Remote Code Injection | # Exploit Title: joomla component com_civicrm remode code injection exploit # Google Dork:"Index of /joomla/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart" # Date: 20/04/2013 # Exploit Author: iskorpitx # Vendor Homepage: http://civicrm.org # Software Link: http://civicrm.org/blogs/yashodha/announcing-civicrm-422 # Version: [civicrm 4.2.2] # Tested on: Win8 Pro x64 # CVE : http://www.securityweb.org <?php # Joomla component com_civicrm OpenFlashCart ofc_upload_image.p | CVE-2011-4275, CVE-59051, CVE-2009-4140 |
| Joomla! Component Module Simple File Upload 1.3 - Remote Code Execution | <?PHP /* -------------------------------------------------------------------------------- Title: Simple File Upload v1.3 (module for joomla) Remote Code Execution Exploit -------------------------------------------------------------------------------- Author...............: gmda Google Dork..........:"Simple File Upload v1.3" "Powered by Joomla" Mail.................: gmda[at]email[dot]it Site.................: http://www.gmda.altervista.org/ Date.................: | CVE-78122, CVE-2011-5148 |
| Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names | Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. | CVE-2005-2428 |
| Magento Server MAGMI Plugin 0.7.17a - Remote File Inclusion | Exploit found date: 10/24/2014 Security Researcher name: Parvinder Bhasin Contact info: parvinder.bhasin@gmail.com twitter: @parvinderb - scorpio Currently tested version: Magento version: Magento CE - 1.8 older MAGMI version: v0.7.17a older Download software link: Magento server: http://www.magentocommerce.com/download MAGMI Plugin: https://sourceforge.net/projects/magmi/files/magmi-0.7/plugins/packages/ MAGMI (MAGento Mass Importer) suffers from File inclusion vulnerability (RFI) whic | CVE-113848, CVE-2014-8770 |
| Mailman 2.1.x - Multiple Input Validation Vulnerabilities | source: https://www.securityfocus.com/bid/20021/info Mailman is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-input. These issues include multiple cross-site scripting vulnerabilities and a CRLF-injection vulnerability. A successful exploit of these issues could allow an attacker to steal cookie-based authentication credentials, add additional content to the log file, possibly hide current attacks, or launch phishing-style attacks; other att | CVE-2006-3636, CVE-28438 |
| MantisBT through 2 | MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | CVE-2017-7615 |
| Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4 | Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (memory consumption and device reload) via SSH management connections, aka Bug ID CSCsw40789. | CVE-2009-1165 |
| Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206 | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206. | CVE-2021-34473 |
| mproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Many file operations are intended to take place within a restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the "../" sequence, which in most modern operating systems is interpreted as the parent directory of the current location. This is referred to as relative path traversal. Path traversal also covers the use of absolute pathnames such as "/usr/local/bin", which may also be useful in accessing unexpected files. This is referred to as absolute path traversal. In many programming languages, the injection of a null byte (the 0 or NUL) may allow an attacker to truncate a generated filename to widen the scope of attack. For example, the product may add ".txt" to any pathname, thus limiting the attacker to text files, but a null injection may effectively remove this restriction. | CVE-2013-1891 |
| Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1 | Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php. | CVE-2005-4223 |
| Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl. | CVE-2013-5223 |
| On D-Link DIR-819 Firmware Version 1 | On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, it is possible to trigger a Denial of Service via the sys_token parameter in a cgi-bin/webproc?getpage=html/index.html request. | CVE-2022-40946 |
| PHP gettext 1.0.12 - 'gettext.php' Code Execution | [CVE-2016-6175] gettext.php <= 1.0.12 unauthenticated code execution with POTENTIAL privileges escalation # Date: June 25th, 2016 # Author: kmkz (Bourbon Jean-marie) <mail.bourbon@gmail.com> | @kmkz_security # Project Homepage: https://launchpad.net/php-gettext/ # Download: https://launchpad.net/php-gettext/trunk/1.0.12/+download/php-gettext-1.0.12.tar.gz # Version: 1.0.12 (latest release) # Tested on: Linux Debian, PHP 5.6.19-2+b1 # CVSS: 7.1 # OVE ID: OVE-20160705-0004 # CVE ID: CVE-2016-617 | CVE-2016-6175 |
| PHP remote file inclusion vulnerability in index | PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | CVE-2007-2143 |
| PHP Scripts Mall PHP Appointment Booking Script 3 | PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user profile. | CVE-2019-9066 |
| phpPgAdmin 4.2.1 - '_language' Local File Inclusion | :::::::-. ... ::::::. :::. ;;, `';, ;; ;;;`;;;;, `;;; `[[ [[[[' [[[ [[[[[. '[[ $$, $$$$ $$$ $$$ "Y$c$$ 888_,o8P'88 .d888 888 Y88 MMMMP"` "YmmMMMM"" MMM YM [ Discovered by dun dun[at]strcpy.pl ] ################################################################## # [ phpPgAdmin <= 4.2.1 ] Local File Inclusion Vulnerability # ################################################################## # # Script: "phpPgAdmin is a | CVE-2008-5587 |
| Schneider Electric Pelco Endura NET55XX Encoder - Authentication Bypass (Metasploit) | ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Udp include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Report include Msf::Exploit::Remote::SSH def initialize(info={}) super(update_info(info, 'Name' => "Schneider Electric Pelco Endura NET55XX Encoder", 'D | CVE-2019-6814 |
| SimpleBBS 1.0.6/1.0.7/1.1 - Arbitrary Command Execution | source: https://www.securityfocus.com/bid/17501/info SimpleBBS is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary PHP commands in the context of the webserver process. This may help attackers compromise the underlying system; other attacks are also possible. #!/usr/bin/perl -w # SimpleBBS v1.1(posts.php) remote command execution Xp | CVE-2006-1800, CVE-24689 |
| Sitecore XP 7 | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No authentication or special configuration is required to exploit this vulnerability. | CVE-2021-42237 |
| SQL injection vulnerability in index | SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter. | CVE-2008-1975 |
| SQL injection vulnerability in offers_buy | SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | CVE-2010-1726 |
| Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion | source: https://www.securityfocus.com/bid/18231/info SquirrelMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit may allow unauthorized users to view files and to execute local scripts; other attacks are also possible. http://www.example.com/[squirrelmail dir]/src/redirect.php?plugins[]=../../../../etc/passwd%00 | CVE-2006-2842 |
| Telerik | Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | CVE-2017-11317 |
| The K2 component 2 | The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads | CVE-2018-7482 |
| The limit-login-attempts-reloaded plugin before 2 | The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. | CVE-2020-35589 |
| The mailSend function in the isMail transport in PHPMailer before 5 | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | CVE-2016-10033 |
| The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023 | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. | CVE-2014-8361 |
| The Photo Sharing Plus component on Sony Bravia TV through 8 | The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal. | CVE-2018-16594 |
| The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions | The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | CVE-2016-10148 |
| There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1 | There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which could be used to erase attack traces. | CVE-2019-17512 |
| TP-Link TL-WR340G / TL-WR340GD - Multiple Vulnerabilities | #Title: TP-LINK Model No. TL-WR340G/TL-WR340GD - Multiple Vulnerabilities #Date: 01.07.14 #Vendor: TP-LINK #Affected versions: TL-WR340G/TL-WR340GD #Tested on: Firmware Version - 4.3.7 Build 090901 Rel.61899n, Hardware Version - WR340G v5 081520C2 [at] Linux #Contact: smash [at] devilteam.pl Persistent Cross Site Scripting vulnerabilities exists because of poor parameters filtration. Our value is stored in javascript array, since it's not correctly verified nor filtered, it is able to inject j | CVE-111720, CVE-111712, CVE-111711, CVE-111708, CVE-111707, CVE-111706, CVE-111705, CVE-111704, CVE-111703, CVE-100357, CVE-100355 |
| Unrestricted file upload vulnerability in ofc_upload_image | Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/. | CVE-2009-4140 |
| WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated) | # Exploit Title: WordPress 5.7 - 'Media Library' XML External Entity Injection (XXE) (Authenticated) # Date: 16/09/2021 # Exploit Author: David Utón (M3n0sD0n4ld) # Vendor Homepage: https://wordpress.com # Affected Version: WordPress 5.6-5.7 & PHP8 # Tested on: Linux Ubuntu 18.04.5 LTS # CVE : CVE-2021-29447 #!/bin/bash # Author: @David_Uton (m3n0sd0n4ld) # Usage: $./CVE-2021-29447.sh TARGET WP_USERNAME WP_PASSWORD PATH/FILE.EXT LHOST # Example: $ ./CVE-2021-29447.sh 10.10.XX.XX wptest test .. | CVE-2021-29447 |
| WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download | # Exploit Title: WordPress Plugin Duplicator 1.4.6 - Unauthenticated Backup Download # Google Dork: N/A # Date: 07.27.2022 # Exploit Author: SecuriTrust # Vendor Homepage: https://snapcreek.com/ # Software Link: https://wordpress.org/plugins/duplicator/ # Version: < 1.4.7 # Tested on: Linux, Windows # CVE : CVE-2022-2551 # Reference: https://securitrust.fr # Reference: https://github.com/SecuriTrust/CVEsLab/CVE-2022-2551 #Product: WordPress Plugin Duplicator < 1.4.7 #Vulnerability: 1-It allows | CVE-2022-2551 |
Last updated: April 23, 2024 | ||
If it's a great idea but you need help to make it a demonstrable reality Web Loft can help.
Webloft has experience in rapid prototyping using modern
industry standard components.
Web Loft has a wealth of experience working with a variety of technologies, languages and frameworks. Looking for something specific? Please check out the list below. If you don't see what you're looking for please get in touch and we can discuss how we can help.