This exploit is a buffer overflow vulnerability in NTPDC 4.2.6p3. It is tested on x86 Ubuntu 12.04.5 LTS. The exploit uses a payload of '/bin/nc -lp 5544 -e /bin/sh', which is stored in the environment variable EGG. The exploit then uses a loop to increment the LD_PRELOAD environment variable with a payload address based on an empty environment. The exploit then calls the ntpdc command with the exploit payload.
Any registered user can upload any file because of incorrect if statement inside banneruploaderscript.php. Proof of concept involves logging in as a regular user and submitting a form with a file input to banneruploaderscript.php. The file will be visible at http://wordpress-install/wp-content/plugins/wp-easycart/products/banners/%filename%_1.%fileextension%.
The Content Management System Sefrengo v.1.6.0 contains SQL-Injection vulnerabilities in its administrative Backend. The administrative Backend of Sefrengo CMS contains a functionality to edit folders which reside on the CMS. It is located here: http://{TARGET}/backend/main.php?area=con_configcat&idcat=1&idtplconf=0. The parameter "idcat" is vulnerable to SQL-Injection. An attacker could abuse this to send crafted URLs to the administrator via mail to execute their own SQL commands (e.g. create a second admin-account). Another SQL-Injection vulnerability can be found in the administrative backend, where the admin can manage installed plugins. The vulnerable parameter is "idclient" in the following URL: http://{TARGET}/backend/main.php?area=plug&idclient=1.
A SQL injection vulnerability was found in Microweber CMS 0.95. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database.
This module exploits a stack-based buffer overflow vulnerability in BulletProof FTP Client 2010, caused by an overly long hostname. By persuading the victim to open a specially-crafted .BPS file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This module has been tested successfully on Windows XP SP3.
The exploit must be executed with system privilege and a specific SELinux context, such as 'keystore', 'vold', 'drmserver', 'mediaserver' or 'surfaceflinger'. If the exploit succeeds, you will gain root privilege and the 'kernel' SELinux context. The bug info can be found at https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322. The exploit can be built by creating an Android.mk and Application.mk and using ndk-build to build the project.
A buffer overflow vulnerability exists in the COM component used by the product, SkinCrafter3_vs2005.dll. Skin Crafter is software that is used to create custom skins for different Windows applications. The vulnerability was tested on Windows XP SP3 (EN) with IE6.
A user can inject malicious JavaScript code into the Game Content field when adding a game, which will be executed when the page is loaded. This can be used to change the user interface of the page.
A service called 'infosvr' listens on port 9999 on the LAN bridge. Normally this service is used for device discovery using the 'ASUS Wireless Router Device Discovery Utility', but this service contains a feature that allows an unauthenticated user on the LAN to execute commands of up to 237 bytes as root. Source code is in asuswrt/release/src/router/infosvr. 'iboxcom.h' is in asuswrt/release/src/router/shared.
The CMS user details section is vulnerable to XSS. You can run XSS payloads. Go to the Update user settings page and set the Real Name value to '><script>alert(String.fromCharCode(88, 83, 83))</script>' or '><script>alert(document.cookie)</script>'.