This exploit is for the SEH based Buffer Overflow vulnerability in DameWare Remote Support V. 12.1.0.34. It allows an attacker to execute arbitrary code by exploiting a buffer overflow vulnerability in the Tools >> Computer Comments >> Description feature.
The crash occurs in the fontsub.dll code when a malformed font file is processed. The specific function where the crash occurs is MergeFormat12Cmap.
The ViArt CMS 3.3.2 version is vulnerable to remote file inclusion. The vulnerability exists in the 'block_site_map.php' file, where it fails to properly validate user-supplied input before including a file. An attacker can exploit this vulnerability by sending a specially crafted request with a malicious URL to execute arbitrary code on the target system.
Installations running Postgres 9.3 and above have functionality which allows for the superuser and users with 'pg_execute_server_program' to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a new table, then execute system commands in the context of copying the command output into the table. This module should work on all Postgres systems running version 9.3 and above. For Linux & OSX systems, target 1 is used with cmd payloads such as: cmd/unix/reverse_perl. For Windows Systems, target 2 is used with powershell payloads such as: cmd/windows/powershell_reverse_tcp. Alternatively target 3 can be used to execute generic commands, such as a web_delivery meterpreter powershell payload or other customized command.
This module exploits a command execution vulnerability in Moodle 3.6.3. An attacker can upload malicious file using the plugin installation area. Plugins must be hosted accommodate "version.php" and "theme_{plugin name}.php" files. After routine check, the moodle will accept the appropriate plugin file. Plugin control can be bypassed and malicious code can be placed in the files contained in the plugin. The module receives a shell session from the server by placing malicious code in the language file. You must have an admin account to exploit this vulnerability.
The vulnerability allows an attacker to disclose files on the server by manipulating the 'act' parameter in the URL. By using directory traversal techniques, the attacker can access sensitive files, such as the /etc/passwd file. The exploit URL is: http://victim/path/index.php?act=../../../../../../etc/passwd%00
This vulnerability allows low privileged users to hijack files owned by NT AUTHORITYSYSTEM by overwriting permissions on the targeted file. Successful exploitation results in "Full Control" permissions for the low privileged user. The exploit involves checking if the targeted file exists, killing Microsoft Edge to access the settings.dat file, deleting the settings.dat file to create a hardlink to the targeted file, and triggering the vulnerability by restarting Microsoft Edge. Finally, a check is performed to verify that the current user has "Full Control" permissions.
The project-alumni software version 1.0.9, 1.0.8, or lower is affected by a sql injection vulnerability. The vulnerability exists due to bad filtering in the 'view.page.inc.php' and 'news.page.inc.php' files. An attacker can exploit this vulnerability by injecting malicious SQL queries through the 'year' parameter, which can lead to unauthorized access to the database. Another vulnerability is an xss vulnerability in the '/xml/index.php' file, which can be exploited by injecting malicious scripts through the 'year' parameter.
This module uses the Liferay CE Portal Groovy script console to execute OS commands. The Groovy script can execute commands on the system via a [command].execute() call. Valid credentials for an application administrator user account are required. This module has been tested successfully with Liferay CE Portal Tomcat 7.1.2 ga3 on Debian 4.9.18-1kali1 system.
This exploit allows an attacker to perform a CSRF attack on the CMSsite 1.0 application. By submitting a form, the attacker can delete an admin user without authentication.