This exploit is a local DoS caused by a missing limit check in the fat loader of the Mac OS X Kernel. The exploit is crafted by creating a binary with a large number of architectures and then spawning it. This causes the kernel to crash due to the missing limit check.
Using adb, one can create a backup of an Android device and store it on a PC. The backup archive is based on the tar file format. By modifying tar headers to contain ../../ like patterns, it is possible to overwrite files owned by the system user on writeable partitions. An example pathname in the tar header is apps/com.android.settings/sp/../../../../data/system/evil.txt (the tar header checksum must be corrected as well). When the modified archive is restored, the BackupManagerService overwrites the file at the resolved path, because the file name is not sanitized.
This module exploits an arbitrary PHP code upload in the WordPress Work The Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution.
This module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.
This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.
This module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination ByteArray can be used to cause an integer overflow and write contents out of the ByteArray buffer. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 14.0.0.176, 14.0.0.145 and 14.0.0.125.
Multiple vulnerabilities exist in the GoAutodial 3.3 open source call centre software that will lead to a complete compromise of the underlying database and infrastructure. A simple 'OR '1'='1 in the password field with a username of 'admin' will log you in (assuming the default administrator user has not been removed). You can also test this by performing the following GET request: https://<ip>/go_login/validate_credentials/admin/' OR '1'='1. This function returns a single entry from the db that contains user information including the username and password. Given that the first 'active' user in the db would most likely be the admin user, you can search for active=Y. There is a column in the vicidial_users table that identifies whether a user is active (Y) or not active (N). Given this, you can perform the following to return an admin user's account username and password: https://<ip>/index.php/go_site/go_get_user_info/' or active='Y. A further request is listed against the same function: https://<ip>/index.php/go_site/go_get_user_info/'<script>alert(1)</script>
It is possible to read files on the local database because of incorrect and careless coding in the 'force-download.php' file.
ProFTPd 1.3.5 with mod_copy is affected by a remote command execution vulnerability. An attacker can exploit it by sending malicious FTP commands to the vulnerable server: the SITE CPFR and SITE CPTO commands are used to copy a malicious PHP payload to a web accessible directory, and the payload is then executed through HTTP.
The 'submit_nex_form' ajax function is affected by an SQL injection vulnerability. The 'nex_forms_Id' variable is not sanitized.