VideoCharge Vanilla BOF Exploit v3.16.3.04 is a buffer overflow exploit targeting VideoCharge software version v3.16.3.04. The exploit is triggered by a specially crafted XML file which is copied into the VideoCharge folder. The exploit allows an attacker to execute arbitrary code on the vulnerable system.
The 'upload_file()' AJAX function in WordPress N-Media Website Contact Form with File Upload 1.3.4 is affected by an unrestricted file upload vulnerability, allowing an attacker to upload a malicious file to the server.
ZTE F660 Embedded Software does not check cookies and credentials on the POST method, so attackers could download the config file with a POST request without authentication.
This module exploits a file upload vulnerability in Novell ZENworks Configuration Management (ZCM, which is part of the ZENworks Suite). The vulnerability exists in the UploadServlet which accepts unauthenticated file uploads and does not check the 'uid' parameter for directory traversal characters. This allows an attacker to write anywhere in the file system, and can be abused to deploy a WAR file in the Tomcat webapps directory. ZCM up to (and including) 11.3.1 is vulnerable to this attack. This module has been tested successfully with ZCM 11.3.1 on Windows and Linux. Note that this is a similar vulnerability to ZDI-10-078 / OSVDB-63412 which also has a Metasploit exploit, but it abuses a different parameter of the same servlet.
Using a specially crafted NBE file, a user can exploit multiple vulnerabilities such as XSS, SQLi, and Command Execution. Authentication is required to exploit this vulnerability, but admin privileges are not required. Any user with access to the Vulnerabilities page can perform these attacks.
This module exploits a type confusion vulnerability in the NetConnection class on Adobe Flash Player. With a correct memory layout, this vulnerability allows arbitrary memory to be corrupted. It can be used to overwrite dangerous objects, like vectors, and finally accomplish remote code execution. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 16.0.0.305.
This plugin is vulnerable to a combined CSRF/XSS attack: if an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could typically do by hijacking the admin's cookies etc.
This plugin is vulnerable to a combined CSRF/XSS attack: if an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could typically do by hijacking the admin's cookies etc.
This plugin is vulnerable to a combined CSRF/XSS attack: if an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can insert arbitrary script into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could typically do by hijacking the admin's cookies etc.
This module exploits an arbitrary PHP code upload in the WordPress ThemePunch Revolution Slider (revslider) plugin, version 3.0.95 and prior. The vulnerability allows for arbitrary file upload and remote code execution.