This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53. By sending a specially crafted CGI request to ovalarm.exe, an attacker can execute arbitrary code. This specific vulnerability is due to a call to "sprintf_new" in the "isWide" function within "ovalarm.exe". A stack buffer overflow occurs when processing an HTTP request that contains an "Accept-Language" header longer than 100 bytes and an "OVABverbose" URI variable set to "on", "true" or "1". The vulnerability is related to "_WebSession::GetWebLocale()". NOTE: This exploit has been tested successfully with a reverse_ord_tcp payload.
The vulnerability allows an attacker to retrieve arbitrary files because the application fails to properly sanitize user-supplied input. This can be done by manipulating the 'site' parameter in the URL.
This exploit crashes Kate's Video Toolkit when a specific .wav file is added to the Mix section of the application.
The wh-em.com upload application fails to adequately verify user-supplied input used for cookie-based authentication, allowing attackers to gain administrative access to the affected application.
This script exploits a directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0 - 7.4 and Sentinel Keys Server 1.0.3 - 1.0.4. It allows an attacker to download sensitive files from the target Windows machine, such as registry hives, boot.ini, and win.ini.
Tiki Wiki CMS Groupware is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Advantech/BroadWin SCADA WebAccess is prone to multiple remote vulnerabilities including an information-disclosure issue and a remote code-execution issue. An attacker can exploit these issues to execute arbitrary code and gain access to sensitive information. Other attacks may also be possible.
The NWS-Classifieds application is prone to a local file-include vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to obtain sensitive information and execute arbitrary local scripts in the context of the webserver process. This can lead to application and system compromise.
This module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.
This exploit takes advantage of a bug in PHP versions 7.0-7.4, where the debug_backtrace() function returns a reference to a variable that has been destroyed, causing a Use After Free vulnerability. The exploit allows an attacker to execute arbitrary commands on the target system.