This module abuses Java Reflection to generate a Type Confusion, due to weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit doesn't bypass click-to-play, so the user must accept the Java warning in order to run the malicious applet.
The Nagios Remote Plugin Executor (NRPE) is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option, dont_blame_nrpe, which enables command-line arguments to be passed to remote plugins. When this option is enabled, even though NRPE makes an effort to sanitize arguments to prevent command execution, it is possible to execute arbitrary commands.
This module exploits a pile of vulnerabilities in Adobe ColdFusion APSB13-03: CVE-2013-0625: arbitrary command execution in scheduleedit.cfm (9.x only), CVE-2013-0629: directory traversal, CVE-2013-0632: authentication bypass.
This exploit bypasses the DEP (Data Execution Prevention) security feature in FreeFloat FTP 1.0 using ROP (Return Oriented Programming). It allows an attacker to execute arbitrary shellcode on a vulnerable system. The exploit code is available at http://www.exploit-db.com/exploits/24479/
This exploit allows remote attackers to execute arbitrary code on BigAnt Server 2.97 via a crafted username, which triggers a buffer overflow.
Some Netgear routers are vulnerable to authenticated OS command injection. The vulnerability exists in the web interface, specifically in the setup.cgi component, when handling the TimeToLive parameter. Default credentials are always a good starting point; admin/admin or admin/password could be a first try. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes.
Network Weathermap 0.97a is vulnerable to a persistent XSS when displaying available files. The vulnerability occurs when a user injects HTML and JavaScript into the title of a map in editor.php. This title is later shown to the user when listing the files in editor.php?action=newfile. Besides the title, other fields also allow an attacker to upload malicious PHP code to the web server, which can later be executed if the attacker has direct access to that file. This application is often used as a plugin for Cacti. The vulnerability can be exploited in this mode as well, in weathermap-cacti-plugin-mgmt.php?action=viewconfig&file=<affected_file>, and it can be used to exploit Cacti.
This module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox, as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier, and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the Java warning in order to run the malicious applet.
This code is an exploit for the su command in Linux systems. It takes advantage of a buffer overflow vulnerability to gain root privileges. The code contains shellcode that will be executed when the exploit is successful. It also allows for customization of certain parameters such as the offset and length of the NOP sled.
The exploit allows an attacker to gain a root shell on the Rosewill RSVA11001 device by setting the NTP host to a command that opens a reverse shell on port 5555. The exploit takes advantage of a vulnerability in the 'hi_dvr' executable that controls the device's interface. The default startup command runs the exploit on startup and once a day, resulting in a delay if the exploit is remote-only. The authentication on the command port is bypassed by replaying packets from a capture session.