This exploit works on a default installation of Apache James Server 2.3.2. It allows an authenticated user to execute arbitrary commands on the server. The exploit creates a user with a malicious payload in the /etc/bash_completion.d directory, which is then executed when the user logs in.
Humhub [1] social networking kit versions 0.10.0-rc.1 and prior suffer from multiple persistent Cross-Site Scripting vulnerabilities in various parts of the codebase, which have now been resolved in cooperation with the vendor [2]. In the function actionPost() in '/protected/modules_core/post/controllers/PostController.php' [3], the $_POST variable is cleaned using a now-outdated version of the Yii framework's CmsInput extension stripClean() function [4], which improperly sanitizes user input for XSS [5]. This situation also applies to actionPost() in '/protected/modules_core/comment/controllers/CommentController.php' [6]. Humhub-modules-mail versions 0.5.9 and prior (when used in conjunction with Humhub 0.10.0-rc.1 or prior) are affected by the same vulnerability as described above. The vulnerable code is located in the function actionCreate() in '/controllers/MailController.php' [8]. In addition to the above, the admin error logging codebase is vulnerable to a persistent XSS attack. The vulnerable code is located in the function actionView() in '/protected/modules_core/admin/controllers/LoggingController.php' [9].
A remote attacker is able to manage the website. The remote attacker is able to log in to the website with admin-level access.
IceHrm <= 7.1 suffers from multiple vulnerabilities including Local File Inclusion, Cross-Site Scripting, Malicious File Upload, Cross-Site Request Forgery and Code Execution. Proof of Concept (PoC): http://zsltest/icehrm/app/?g=../&n=../../../../etc/passwd%00
MS14-068 is a vulnerability in the Kerberos authentication protocol that allows an attacker to impersonate any user in the domain, including domain administrators. The vulnerability is caused by a flaw in the way Kerberos handles authentication requests for users with long usernames. By sending a specially crafted authentication request, an attacker can bypass the Kerberos authentication process and gain access to the domain as any user.
Multiple SQL injection vulnerabilities that are exploitable as an anonymous user have been found and confirmed within the software. A successful attack could allow an anonymous attacker to access information such as usernames and password hashes that are stored in the database. The following URLs and parameters have been confirmed to suffer from SQL injection.
Offset2lib is a vulnerability in the Linux ASLR implementation that allows an attacker to de-randomize all mmapped areas (libraries, mapped files, etc.) by knowing only an address belonging to the application and the offset2lib value.
A SQL injection vulnerability exists in Advertise With Pleasure! (AWP) version 6.6 and earlier. An attacker can exploit this vulnerability to gain access to plaintext passwords stored in the database. This is done by sending a specially crafted HTTP request to the vulnerable server containing malicious SQL code in the 'group_id' parameter.
The Technicolor DT5130 Wireless N ADSL 2/2+ Modem Router with firmware version V2.05.C29GV is vulnerable to Unauthenticated XSS, Arbitrary URL Redirect and Command Injection. For the XSS, an attacker sends a specially crafted request containing malicious JavaScript code to the router, and this code is executed in the context of the user's browser. For the URL redirect, an attacker sends a specially crafted request containing a malicious URL to the router, and this URL is used to redirect the user to a malicious website. For the command injection, an attacker sends a specially crafted request containing a malicious command to the router, and this command is executed in the context of the router.
This plugin is vulnerable to File Disclosure Download. Through this vulnerability, a user can download the configuration file config.php and extract the database access data from it.