This exploit is used to gain root privileges on IBM Tivoli Monitoring V6.2.2. The exploit uses a shared library to execute a setresuid() call to set the effective user ID to the real user ID, thus granting root privileges. The shared library is compiled with a version script to ensure that it is loaded by the vulnerable kbbacf1 binary.
Konke is a line of smart home products in China. The product has a security vulnerability that an attacker could exploit to obtain device management authority. The Konke Smart Plug leaves port 23 open; connecting to port 23 over telnet gives root access without a password. Scan the Konke device with nmap to find port 23, open cmd and telnet to the Konke's port 23, and you are now root. The device runs OpenWrt, so you can use busybox to do everything. You can use the 'reboot' command to reboot the Konke.
Tapatalk <= 5.2.1 is vulnerable to a Remote Code Execution vulnerability. An attacker can craft a malicious XML-RPC request to the mobiquo.php file, which will allow them to execute arbitrary code on the server. This exploit was discovered by tintinweb 0x721427D8.
Tuleap does not validate the syntax of requests submitted to the SVN handler pages, so it does not check whether a request passed to the passthru() function introduces extra parameters that would be executed in the context of the application. External attackers can exploit this vulnerability to introduce external commands into the workflow of the application, which then executes them, as shown in the attached proof-of-concept code below.
Multiple XML External Entity (XXE) injection issues have been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker to access local system files. The following example vectors can be used as a PoC to confirm the vulnerability.
SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database. The following URLs and parameters have been confirmed to suffer from SQL injection:
    GET /plugins/docman/?group_id=100&id=16&action=search&global_txt=a<SQL Injection>&global_filtersubmit=Apply HTTP/1.1
    Host: 192.168.56.108
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: https://192.168.56.108/plugins/docman/?group_id=100
    Cookie: PHPSESSID=3pt0ombsmp0t9adujgrohv8mb6; TULEAP_session_hash=d51433e1f7c9b49079c0e5c511d64c96
    Connection: keep-alive
A persistent input validation web vulnerability has been discovered in the official Folder Plus v2.5.1 iOS mobile application. The vulnerability is located in the delete item message context of the wifi interface listing module. The issue allows remote attackers to inject their own malicious script code as a payload to the application-side of the vulnerable service function or module.
A code execution web vulnerability has been discovered in the official AirPhoto WebDisk+ v2.1 iOS mobile web-application. The vulnerability allows remote attackers to compromise the application and connected device components by exploiting a system-specific code execution vulnerability in the wifi interface. The vulnerability is located in the `name` input field of the `/upload.php` file. Remote attackers are able to inject their own malicious script code to compromise the application or connected device components.
The Linux version of strings is an integral part of GNU binutils, a suite of tools that specializes in the manipulation of several dozen executable formats using a bundled library called libbfd. Unfortunately, the underlying library can hardly be described as safe: a quick pass with afl (and probably with any other competent fuzzer) quickly reveals a range of troubling and likely exploitable out-of-bounds crashes due to very limited range checking. In binutils 2.24, an arbitrary pointer (0x41414141) taken from the input file is first read and then written to, making potential attacks easier and more reliable.
reminders/index.php, which ships with Incredible PBX, suffers from a command execution vulnerability that allows an authenticated user to inject commands as the asterisk user. Because none of the user input sent through $_REQUEST[] parameters is validated or sanitized before being passed to system(), a malicious command can be sent to the vulnerable script.