This exploit is for the DYLD_PRINT_TO_FILE local privilege escalation vulnerability in OS X 10.10 - 10.10.4. It copies files around with root permissions, overwrites them and deletes them afterwards. Any glitch could corrupt the system.
Counter-Strike 1.6 is vulnerable to a Denial of Service attack due to a query reflection vulnerability. An attacker can send a specially crafted GameInfo request to a vulnerable server, which will then reflect the request back to the attacker's IP address. This can be used to flood the attacker's network with UDP traffic, resulting in a Denial of Service.
This module exploits a file upload vulnerability in SysAid Help Desk v14.3 and v14.4. The vulnerability exists in the RdsLogsEntry servlet, which accepts unauthenticated file uploads and handles zip file contents in an insecure way. By combining both weaknesses, a remote attacker can accomplish remote code execution. Note that this will only work if the target is running Java 6 or 7 up to 7u25, as Java 7u40 and above introduce a protection against null byte injection in file names. This module has been tested successfully on version v14.3.12 b22 and v14.4.32 b25 in Linux. In theory this module also works on Windows, but SysAid seems to bundle Java 7u40 and above with the Windows package, which prevents the vulnerability from being exploited.
TcpDump rpki_rtr_pdu_print Out-of-Bounds Denial of Service vulnerability allows an attacker to cause a denial of service (DoS) by sending a specially crafted packet to the target system. This vulnerability affects versions 4.6.2, 4.5.1, and 4.4.0 of TcpDump. The vulnerability can be triggered by sending a packet with a spoofed source IP address to the target system. The packet must be sent in verbose mode for the DoS to be triggered.
The Vulnerability Laboratory Core Research Team discovered an application-side input validation web vulnerability in the official SandStudio AirDroid (Windows, iOS and Android) mobile web-application. The vulnerability allows remote attackers or low-privilege user accounts to inject malicious code into the application side of the affected mobile web-application. The vulnerability is located in the send messages module and the send message with an attached file module. Remote attackers with a low-privilege user account are able to upload malicious files to the application side of the vulnerable mobile web-application.
This stored XSS vulnerability allows any logged-in user to inject malicious code in the comments section. The vulnerability exists because user input is not properly sanitized, which can lead to malicious code injection that will be executed in the target’s browser.
Microsoft Word, Excel and PowerPoint 2007 contain a remote code execution vulnerability because it is possible to reference documents such as a Works document (.wps) as HTML. The application will process HTML and script code in the context of the local machine zone of Internet Explorer, which leads to arbitrary code execution. By persuading users into opening e.g. specially crafted .WPS, ".doc ", ".RTF " (with a space at the end) files, it is possible to trigger the vulnerability and run arbitrary code in the context of the logged-on Windows user.
An attacker can delete any file the PHP process can delete. For this to happen, a logged-in user would have to be tricked into clicking on a link controlled by the attacker. It is easy to make these links very convincing.
This module exploits an anonymous remote upload and code execution vulnerability on different D-Link devices. The vulnerability is a command injection in the cookie handling process of the lighttpd web server when handling specially crafted cookie values. This module has been successfully tested on D-Link DSP-W110A1_FW105B01 in an emulated environment.
A backdoor is present in several TOTOLINK products. This was confirmed by analysing the latest firmware images and by testing the backdoor against live routers. At least 8 TOTOLINK products are affected (firmware images come from totolink.net and from totolink.cn). By sending a crafted request to the WAN IP, an attacker will open the HTTP remote management interface on the Internet. Then an attacker can use a remote code execution vulnerability in the HTTP remote management interface through the hidden /boafrm/formSysCmd form, bypassing the authentication system.