The exploit allows an attacker to escalate their privileges from a regular user to root. The attacker creates a script that copies the /bin/sh binary to their user directory, changes the permissions and ownership of the copied binary to root, and then creates a symbolic link to a system file. When the system file is executed, it runs the copied /bin/sh binary as root, giving the attacker root privileges.
The vulnerable code is in the decode_fh function in the fs/nfsd/nfs3xdr.c file. By sending a malicious fhsize value in the diroparg XDR argument, an attacker can trigger a denial of service. The vulnerable host must have an accessible exported directory previously mounted by the attacker. Changing the size variable to an unsigned int or checking for size < 0 can fix the issue.
The PowerTCP ActiveX component, specifically the DartFtp.dll, is vulnerable to remote code execution. An attacker can exploit this vulnerability by crafting a malicious script and tricking a user into clicking a button that launches the exploit. The vulnerability allows the attacker to execute arbitrary code with the privileges of the user running the affected software.
A remote user can create a malicious skin file (*.grs) that, when loaded by the target user, will trigger a buffer overflow in DUNZIP32.DLL (4.0.0.3) and potentially execute arbitrary code.
This exploit allows an attacker to execute arbitrary commands on a system running phpBB versions 1.0.0 to 2.0.10. The attacker needs to modify the b4b0.php file with the correct URL to their backdoor and the correct filename for the backdoor. After uploading the modified file to a web server, the attacker can use telnet to connect to the exploited system and execute commands.
An attacker may be able to inject and execute PHP code through $_GET['sort'], which is passed to create_function(). Only an admin can access the plugins management interface, but the attacker might be able to retrieve a valid admin session ID using the SQL injection bug in comments.php.
The Hosting Controller software has a security flaw that allows attackers to browse any file and any directory on the server. The vulnerability exists in the admin/mail/Statsbrowse.asp and admin/iis/Generalbrowse.asp files. By manipulating the URL, an attacker can view the contents of the server's hard disk.
The vulnerability allows an attacker to verify the existence of files and directories on the server. The exploit takes advantage of the 'index.php' page in LokiCMS version 0.3.4.
The Absolute Poll Manager XE script is vulnerable to SQL injection. An attacker can exploit this vulnerability by injecting SQL queries into the 'p' parameter in the xlacomments.asp file. This can lead to unauthorized access, data manipulation, and other malicious activities.
This Perl script allows remote attackers to execute arbitrary commands via the 'cmd' parameter.