This exploit allows an attacker to include local files on the server by manipulating the FORUM_LANGUAGE and style parameters in the functions.php and bottom.php files respectively. By using a relative path traversal, the attacker can access sensitive files such as /etc/passwd.
The Movie Portal Script v7.36 has multiple vulnerabilities, including error-based SQL injection, reflected XSS, and union query SQL injection. The error-based SQL injection can be exploited through the 'show_news.php' page with the 'id' parameter. The reflected XSS can be exploited through the 'movie.php' page with the 'f' parameter. The union query SQL injection can be exploited through the 'movie.php' page with the 'f' parameter and the 'artist-display.php' page with the 'act' parameter.
This exploit takes advantage of a buffer overflow vulnerability in WinaXe Plus 8.7. By sending a specially crafted network printer request, an attacker can execute arbitrary code on the target system. The exploit has been tested on various versions of Windows, including Windows Server 2008 R2 x64, Windows 7 SP1 x64, Windows 10 Pro x64, Windows Server 2012 R2 x64, and Windows Server 2016 x64.
A CSRF vulnerability allows an unauthenticated attacker to add questions to existing quizzes. The question_name parameter is put into a manually-constructed JavaScript object and escaped with esc_js(). However, in js/admin_question.js, the value of the question_name parameter is not properly parsed, allowing for stored XSS attacks.
This exploit allows an attacker to execute arbitrary code on an Omnivista Alcatel-Lucent server running on Windows Server. The exploit takes advantage of a vulnerability in the GIOP request payload, allowing the attacker to add a jobset and execute commands on the target server. The exploit requires the target IP address and a command to be executed as arguments.
This exploit allows an attacker to gain NT AUTHORITY\SYSTEM privileges in Sync Breeze Enterprise 9.1.16. The exploit does not require authentication. The exploit should be adjusted for the target IP, shellcode, and bytes. It has been tested on Windows 7 x86 Enterprise SP1.
This module exploits a stack buffer overflow in Disk Pulse Enterprise 9.0.34. If an attacker sends a malicious HTTP login request, it is possible to execute a payload that would run under the Windows NT AUTHORITY\SYSTEM account. Due to size constraints, this module uses the Egghunter technique.
The vulnerability exists in the bodyTemplate.php file of YourFreeScreamer 1.0. The script uses the 'include' function without proper validation, allowing an attacker to include arbitrary files from the server. By manipulating the 'serverPath' parameter in the URL, an attacker can include a malicious file and execute arbitrary code.
An authenticated user of any privilege can execute arbitrary system commands as the non-root webserver user. Multiple parameters to the web interface are unsafely handled and can be used to run operating system commands.
The Sitellite application is vulnerable to a remote file inclusion vulnerability. An attacker can exploit this vulnerability to include arbitrary remote files, which may lead to remote code execution or other attacks.