This exploit takes advantage of a vulnerability in the IBM Domino Web Access Upload Module inotes6.dll. It allows an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. The exploit has been tested on Windows XP SP2 with IE6 and inotes6.dll versions 6.0.40.0 and 6.0.48.0. The shellcode used in this exploit executes the 'calc.exe' command.
Sentrifugo HRMS version 3.2 and possibly earlier versions are affected by Blind SQL Injection in the deptid parameter through a POST request to the "/sentrifugo/index.php/holidaygroups/add" resource. This allows a user of the application without permissions to read sensitive information from the database used by the application.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
This module exploits multiple vulnerabilities in EyesOfNetwork version 5.3 and prior in order to execute arbitrary commands as root. This module takes advantage of a command injection vulnerability in the 'target' parameter of the AutoDiscovery functionality within the EON web interface in order to write an Nmap NSE script containing the payload to disk. It then starts an Nmap scan to activate the payload. This results in privilege escalation because the 'apache' user can execute Nmap as root. Valid credentials for a user with administrative privileges are required. However, this module can bypass authentication via two methods, i.e. by generating an API access token based on a hardcoded key, and via SQLI. This module has been successfully tested on EyesOfNetwork 5.3 with API version 2.4.2.
The RICOH Aficio SP 5200S Printer is vulnerable to code injection through the 'entryNameIn' parameter in the 'adrsGetUser.cgi' HTTP POST request. An attacker can inject malicious HTML code and execute it in the context of the victim's browser.
The vulnerability allows an attacker to include local files on the server by manipulating the 'p' parameter in the index.php file of SanyBee Gallery 0.1.1. By appending '%00' to the parameter, the attacker can bypass input validation and include arbitrary files.
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
Unauthenticated Nimbus nimcontroller RCE, tested against build 7.80.3132, although multiple versions are affected. The exploit won't crash the service. You may have to run the exploit code multiple times on Windows Server 2012. If you exploit Windows Server 2019 it should work as well; I just didn't get a chance to test it (reversing other things). I put faith in my ROP chain being universal (worked first try on 2012).
An attacker can use CSRF to register themselves as an instructor or block other legit instructors. Consequently, if the option to create courses without admin approval is enabled on the plugin's settings page, the attacker will be able to create courses directly as well. All WordPress websites using Tutor LMS version 1.5.2 and below are affected.