This is an exploit that allows an attacker to fetch the md5 hash of the admin password in Cutenews version 1.4.5 or below. The exploit is optimized for speed and goes through the $_COOKIE variable, so there is no logging fear. It also includes a pretesting feature to save time if Cutenews is not vulnerable.
The CSRF vulnerability was discovered in the AltaLink C8035 printer model of Xerox printer hardware. A request to add users is made in the Device User Database form field. This request is captured by the proxy. And a CSRF PoC HTML file is prepared. Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.)
This exploit allows an attacker to crash XnView for Windows by creating a file with specific characters and using the 'Research' feature.
In the corresponding version of v2.1.9 by the manufacturer of Tautulli, it has been discovered that anonymous access can be achieved in applications that do not have a user login area and that the remote media server can be shut down.
We discovered a Local Privilege Escalation in OpenBSD's dynamic loader (ld.so): this vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges. We developed a simple proof of concept and successfully tested it against OpenBSD 6.6 (the current release), 6.5, 6.2, and 6.1, on both amd64 and i386; other releases and architectures are probably also exploitable.
MeGaCheatZ v1.1 is a full-fledged computer game cheats script. This script could VERY EASILY be an entire web-site. It's 100% cgi/php/template driven. It contains a script that will pull all of the latest PC games cheats FOR you! It also has manual submission and removal! This script does ALL of the work for you. Visitors can even search for specific games!
The D-Link DIR-615 Wireless Router is vulnerable to persistent cross-site scripting. An attacker can inject malicious script into the name field, which gets saved by the server and is reflected on the user page. This allows the attacker to execute the script and gather sensitive information from the victim, such as IP, cookies, and user agent. Additionally, HTML injection is possible by inserting HTML tags into the username field.
This exploit allows an attacker to trigger a stack overflow vulnerability in FTP Commander Pro version 8.03 and execute arbitrary code on the target system. The vulnerability occurs when a specially crafted payload is sent to the FTP server, causing the program to crash and open the calculator application.
This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1.
A vulnerability in pmdrvs.sys driver has been discovered in Lenovo Power Management Driver. The vulnerability exists due to insufficient input buffer validation when the driver processes IOCTL codes. Attackers can exploit this issue to cause a Denial of Service or possibly execute arbitrary code in kernel space.
Services By CQR