This module attempts to gain root privileges by exploiting a vulnerability in ktsuss versions 1.4 and prior. The ktsuss executable is setuid root and does not drop privileges before executing user-specified commands, resulting in command execution with root privileges. This module has been tested successfully on: ktsuss 1.3 on SparkyLinux 6 (2019.08) (LXQT) (x64); and ktsuss 1.3 on SparkyLinux 5.8 (LXQT) (x64).
A flaw exists in diagdns.php in Anon Proxy Server which allows remote attackers to execute arbitrary commands via a crafted request. A virtually identical flaw also exists in diagconnect.php, but it takes longer to execute.
The exploit allows an attacker to execute arbitrary code by exploiting a buffer overflow vulnerability in ChaosPro 3.1. This can be achieved by sending a specially crafted payload to the vulnerable application. The payload adjusts the stack and then opens a reverse TCP shell to the attacker's specified IP and port. The exploit payload is generated using msfvenom and uses the x86/alpha_upper encoder to avoid bad characters. The exploit is specific to the Windows platform.
This exploit demonstrates a buffer overflow vulnerability in ChaosPro 2.1. The payload is crafted using msfvenom to create a reverse TCP shell. The exploit is designed for Windows systems and uses the x86/alpha_upper encoder. The payload is appended with the egg 'T00WT00W'.
This exploit takes advantage of a code execution issue within the function unserialise_variable(), located in web-lib-funcs.pl, in order to gain root. The only prerequisite is a valid session ID.
An attacker can gain administrative rights with this authentication bypass exploit, using a base64-encoded payload. The vulnerable code is in the ./123tkShop/shop/mainfile.php file, in the is_admin function starting on line 156. The attack works regardless of the magic_quotes_gpc and register_globals settings. The exploit can be executed through the URL http://127.0.0.1/123tkShop/shop/admin.php?admin=J3VuaW9uIHNlbGVjdCAncGFzc3dvcmQnLyogOnBhc3N3b3Jk
The exploit causes a denial of service by sending a large buffer in the majority of request headers.
Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most test cases session riding was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover.
This exploit takes advantage of a buffer overflow vulnerability in the QEMU Timer. By sending a specially crafted packet to the target system, an attacker can overwrite memory and potentially execute arbitrary code.
A remote attacker could send a specially crafted SAMLOGON domain logon packet, possibly leading to the execution of arbitrary code with elevated privileges. Note that this vulnerability is exploitable only when domain logon support is enabled in Samba.