This exploit allows an attacker to perform SQL injection through the 'start' parameter in waldronmatt FullCalendar-BS4-PHP-MySQL-JSON version 1.21. The parameter is vulnerable to boolean-based blind, error-based, and time-based blind SQL injection.
The Intelbras Router WRN150 version 1.0.18 is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can trick a user into submitting a malicious form that changes the system password without their knowledge or consent.
This module exploits an issue in ptrace_link in kernel/ptrace.c before Linux kernel 5.1.17. This issue can be exploited from a Linux desktop terminal, but not over an SSH session, as it requires execution from within the context of a user with an active Polkit agent. In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME.
The WordPress Sliced Invoices plugin in versions lower than 3.8.2 is affected by an authenticated SQL injection vulnerability.
This module exploits a stack overflow in 3Proxy prior to 0.5.3h, and 0.6b-devel before 20070413. By sending a long Host header in an HTTP GET request to the default port of 3128, a remote attacker could overflow a buffer and execute arbitrary code.
PHP Object Injection because of a downsize in the read/write process with the database leads to RCE. The exploit will backdoor the configuration.php file in the root directory with an eval of a POST parameter. This is done because it makes the exploit more reliable (it doesn't rely on commonly disabled functions). For this reason, use it with caution and remember to clean up afterwards. You can also edit this exploit and use whatever payload you want: just modify the exploit object with get_payload('you_php_function','your_parameters'), e.g. get_payload('system','rm -rf /').
This exploit allows an attacker to bypass the upload shell functionality in dokeos-1.8.4 and upload a shell to the user's profile. By registering in the script and accessing the profile page, the attacker can upload a renamed shell file and access it through the profile page.
The exploit allows an attacker to cause a denial of service (DoS) by executing a specific sequence of actions in the WinRAR software. By opening a file.rar, accessing the help menu, and dragging the exploit to the window, the software crashes, resulting in a DoS condition.
The exploit implants a backdoor in the /configuration.php file in the root directory using an eval, which makes it more suitable for all environments but also more intrusive. If you don't like this approach, you can replace get_backdoor_pay() with get_pay('php_function', 'parameter'), e.g. get_pay('system','rm -rf /').
The 'WCAssistantService' service in Web Companion version 5.1.1035.1047 has an unquoted service path. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.