Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles. A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials. Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. In the service_name argument to the pam_start function, as demonstrated by a .. Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS allows remote attackers to obtain sensitive information via a .. Auxiliary/server/socks_unc-This module provides a Socks proxy service that redirects all HTTP requests to a web page that loads a UNC path.
Auxiliary/server/capture/telnet-This module provides a fake Telnet service that is designed to capture authentication credentials. DONTs and WONTs are sent to the client for all option negotiations, except for ECHO at the time of … Auxiliary/server/capture/smtp-This module provides a fake SMTP service that is designed to capture authentication credentials. Auxiliary/server/capture/smb-This module provides a SMB service that can be used to capture the challenge-response password hashes of SMB client systems.
Protocol information and host operating system will be reported. Host operating system detection requires the remote … Auxiliary/scanner/sip/sipdroid_ext_enum-This module exploits a leak of extension/SIP Gateway on SIPDroid 1.6.1 beta, 2.0.1 beta, 2.2 beta (tested in Android 2.1 and 2.2 – official Motorola release) .
Directory traversal vulnerability in index.php in PHP File Sharing System 1.5.1 allows remote attackers to list or create arbitrary directories, or delete arbitrary files, as demonstrated by listing directories via a .. Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter. Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. Directory traversal vulnerability in Uploader module 1.1 for XOOPS allows remote attackers to read arbitrary files via a .. In the filename parameter in a downloadfile action to index.php.
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. In the is 42 social media in emergency management answers file parameter, aka Bug ID CSCto35577. Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.
If the filename is found, the IP address and the files found will be displayed. Auxiliary/scanner/http/lucky_punch-This module implements the mass SQL injection attack in use lately by concatenation of HTML string that forces a persistent XSS attack to redirect user browser to an attacker controller website. Auxiliary/scanner/http/ipboard_login-This module attempts to validate user provided credentials against an IP Board web application. Auxiliary/scanner/http/f5_bigip_virtual_server-This module scans for BigIP HTTP virtual servers using banner grabbing. BigIP system uses different HTTP profiles for managing HTTP traffic and these profiles allow to customize the string used as …
In the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php. Directory traversal vulnerability in v2demo/page.php in Jshop Server 1.x through 2.x allows remote attackers to include and execute arbitrary local files via a .. Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. Directory traversal vulnerability in system/_b/contentFiles/gbincluder.php in BolinOS 4.6.1 allows remote attackers to include and execute arbitrary local files via a ..