This module exploits an unauthenticated remote command injection vulnerability found in Barco WePresent and related OEM'ed products. The vulnerability is triggered via an HTTP POST request to the file_transfer.cgi endpoint.
The 'bookisbn' parameter in the book.php file is vulnerable to SQL Injection. An attacker can manipulate the parameter to execute malicious SQL queries.
This exploit allows an attacker to inject SQL code in various modules of RUNCMS 1.6, including mydownloads/brokenfile.php, mydownloads/visit.php, mydownloads/ratefile.php, mylinks/ratelink.php, and mylinks/modlink.php. By exploiting this vulnerability, the attacker can retrieve the hash of the admin password.
Ricoh InfoPrint 6400 devices allow /config?logpathConf.html HTML Injection by authenticated users, as demonstrated by the 420 parameter.
Ricoh InfoPrint 6500 devices allow /config?destConf.html HTML Injection by authenticated users, as demonstrated by the 166 parameter.
The Digi AnywhereUSB 14 device is vulnerable to a reflected cross-site scripting (XSS) attack. By sending a specially crafted GET request, an attacker can inject and execute malicious script code on the target system, potentially leading to unauthorized access or data theft.
The exploit allows an attacker to execute arbitrary code by exploiting a stack overflow vulnerability in Allok RM RMVB to AVI MPEG DVD Converter version 3.6.1217. By pasting the contents of poc_seh.txt into the License Name input field, an attacker can execute the calc.exe application.
An attacker can break the database through the browser by exploiting a SQL injection vulnerability in the suggest-link.php file of the eSyndiCat Link Exchange Script. By injecting a specially crafted SQL query, the attacker can retrieve sensitive information from the database, such as usernames and passwords.
This script exploits the Citrix Directory Traversal Bug (CVE-2019-19781) by writing a file through the traversal issue and the newbm.pl script. The file location will be in /netscaler/portal/templates/filename.xml. The payload stub used in this exploit is a Python one-liner that creates a reverse shell using netcat. The payload is encoded and passed as an argument to the readpipe function in the template.new block, allowing for remote command execution on the vulnerable system.
When an administrator performs an ASTPP backup in the web interface (Configuration / Database Restore / Create), the backup file is written to /var/www/html/astpp/database_backup/ with a semi-predictable name. The file name can be fuzzed for data exfiltration with the following pattern: astpp_20200110080136.sql.gz