This exploit grants DBA permission to an unprivileged user by using the Evil cursor technique. It uses the SYS.LT.CREATEWORKSPACE and SYS.LT.MERGEWORKSPACE functions to execute the malicious code.
Quate CMS version 0.3.5 is vulnerable to Remote File Inclusion (RFI) and Local File Inclusion (LFI) attacks. The vulnerability exists in the admin/includes/header.php and admin/includes/footer.php files. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request can include a URL to a malicious file hosted on a remote server, which will be included in the vulnerable page. This can allow an attacker to execute arbitrary code on the vulnerable server.
The vulnerability exists in the download.php file of ISPworker version 1.23. The file allows attackers to download any file from the server by using the ticketid and filename parameters. An attacker can use the '../' directory traversal technique to access files outside the web root directory.
The Site Management application of dotDefender is reachable as a web application (https:site/dotDefender/) on the webserver. After passing the Basic Auth login, an attacker can inject arbitrary commands by exploiting the 'deletesite' implementation and the 'deletesitename' variable due to insufficient input validation.
Ciamos CMS version 0.9.5 and below is vulnerable to a Remote File Include vulnerability. This vulnerability exists in the 'module_path' parameter of the 'index.php' file in the 'pms' directory. An attacker can exploit this vulnerability by sending a malicious URL in the 'module_path' parameter. This will allow the attacker to execute arbitrary code on the vulnerable server.
A vulnerability in Golden FTP Server 4.30 Free and Professional allows an attacker to delete files outside of the FTP root directory. This is achieved by using the FTP command CWD to change the working directory to the FTP root directory, and then using the FTP command DELE to delete a file outside of the FTP root directory. This can be done by using a relative path, such as '../../bollocks.txt'.
After successfuly logged-in, when you send 'HELP AAAA...(4074 times)', ftp daemon crashes.
WP-Polls 2.x is vulnerable to incorrect flood filter. An attacker can send a crafted request to the wp-polls.php file with the poll_id and poll_7 parameters set to the ID of the survey and the ID of the vote respectively. This will allow the attacker to vote multiple times in the same survey.
There is an unbelievable simple local r00t bug in recent FreeBSD versions. The bug resides in the Run-Time Link-Editor (rtld). Normally rtld does not allow dangerous environment variables like LD_PRELOAD to be set when executing setugid binaries like 'ping' or 'su'. With a rather simple technique rtld can be tricked into accepting LD variables even on setugid binaries.
A SQL injection vulnerability was discovered in Xxasp 3.3.2. An attacker can exploit this vulnerability to gain access to the administrator's credentials by sending a specially crafted HTTP request to the vulnerable application. This can be done by appending a malicious SQL query to the 'SearchCondition' parameter of the 'ShareList.asp' page.
Services By CQR