Explore all Exploits:

Ninja privilege escalation detection and prevention system 0.1.3 race condition

There is a small delay between the moment a command is executed and the moment the privilege escalation is detected. It is therefore possible to use a pty to run a command such as su and supply the password faster than the escalation can be detected. The following PoC becomes root via su and issues killall -9 ninja; the attacker can then run any commands they wish.

iFTP 2.21 SEH overwritten Crash PoC

iFTP 2.21 is vulnerable to an SEH overwrite. The vulnerability is triggered by sending a specially crafted file to the application: the application crashes when the user navigates to the Schedule > Schedule download > {+} > Time field. The specially crafted file contains a buffer of 600 A's followed by 4 B's and 4 C's.

Stored XSS in WordPress

Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript into WordPress comments; the script is triggered when the comment is viewed. If it is triggered by a logged-in administrator, under default settings the attacker can leverage the vulnerability to execute arbitrary code on the server via the plugin and theme editors. Alternatively, the attacker could change the administrator's password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system. The vulnerability bears a similarity to the one reported by Cedric Van Bockhaven in 2014 (patched this week, after 14 months). Instead of using an invalid character to truncate the comment, this time an excessively long comment is used to the same effect.

Stored Cross-Site Scripting (XSS) in OTRS

A stored XSS vulnerability exists in OTRS versions 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5. An attacker can craft a malicious HTML email and send it to an OTRS user. When the user opens the email, the malicious code is executed in the user's browser, allowing the attacker to gain access to the user's session.

WIRESHARK <=1.12.4 Access Violation and Memory Corruption PoC

A buffer overflow vulnerability exists in Wireshark version 1.12.4 and earlier. An attacker can trigger it by creating a file containing a large buffer of data and then entering that buffer into Wireshark's filter field. This causes memory corruption and an access violation, resulting in a crash. Other locations that trigger the crash include Statistics > IP Statistics, Statistics > Packet Length, Statistics > ANCP, Statistics > Collectd, Statistics > Compared, and Statistics >.

Apple iTunes PLS title buffer overflow

Fady Mohamed Osman (@fady_osman) discovered a buffer overflow vulnerability in Apple iTunes 10.6.1.7. The vulnerability is caused by a boundary error when processing PLS title fields. It can be exploited to cause a stack-based buffer overflow by sending a specially crafted PLS file to the affected application. Successful exploitation may allow execution of arbitrary code.

Legend Perl IRC Bot Remote Code Execution PoC

This is an RCE PoC for Legend Bot, which was used in the Shellshock spam campaign of October 2014. It allows an attacker to take over a Legend Bot instance by sending it a malicious payload through an IRC server; the payload is executed on the bot, giving the attacker control of it.

Unauthenticated SQLi in the Ultimate Product Catalogue WordPress plugin

Ultimate Product Catalogue is a responsive and easily customizable plugin for all your product catalogue needs. It has over 59,000 downloads and over 3,000 active installations. An unauthenticated SQL injection exists in the "SingleProduct" parameter, reachable when a web visitor views a product published by the web administrator.