Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to create an administrator user due to a lack of permissions check in the handler/securityService.rpc endpoint. The following HTTP request can be made by any authenticated user, even those with a single role of Monitor. This request will create an administrator with all roles with a username of notadmin and a password of notpassword. Many vectors of remote code execution are available to an administrator. Not only can an administrator deploy WAR applications, they can also evaluate arbitrary groovy scripts via the web interface.
There is an obvious vulnerability in FileMaker that allows access to the local FM-based database file: the DBEngine DLL contains a function called MatchPasswordData. It does not matter whether your desktop or mobile application is developed in a "secure manner"; the confidential data in the database can still be accessed.
This script was written to exploit a remote cross-site scripting vulnerability in HP Communication Broker / HP Operations Agent. The vulnerability is stored in nature until the connection is terminated, as it adds the XSS string to the User-Agent. Vulnerable page: /Hewlett-Packard/OpenView/BBC/status. This exploit injects a hidden iframe, which can be used for social engineering attacks, as a browser exploit or other malicious URL can be embedded.
The CBN modem gateway suffers from multiple vulnerabilities, including authorization bypass, information disclosure, stored XSS, CSRF and denial of service. Default credentials are admin/admin and root/compalbn. An attacker can send a POST request to the URL http://192.168.0.1/goform/WifiDisconnect to cause a denial of service for all WiFi-connected clients. An attacker can also set a cookie with userData=root or admin to reveal additional pages/info. An attacker can also send a POST request to the URL http://192.168.0.1/goform/WifiDisconnect to exploit the CSRF vulnerability. An attacker can also send a POST request to the URL http://192.168.0.1/goform/WifiDisconnect to exploit the stored XSS vulnerability.
A buffer overflow vulnerability exists in Free WMA MP3 Converter 1.8 Build 20140226. The vulnerability is caused due to a boundary error when handling a specially crafted .wav file. This can be exploited to cause a stack-based buffer overflow by e.g. enticing a user to open a malicious .wav file. Successful exploitation may allow execution of arbitrary code.
CP Multi View Event Calendar 1.01 suffers from a SQL injection vulnerability; the calid variable is not sanitized.
Alejandro Hernandez discovered a local kernel panic vulnerability in OpenBSD 5.5. The vulnerability is caused due to an error in the kernel when handling certain ELF files. This can be exploited by a local user to crash the system. The bug was found with Melkor (ELF file format fuzzer) and the fix is available in the OpenBSD errata page.
A malicious user sends a GET request to the Dell Storage with a directory traversal string, and the Dell Storage responds with a list of users and their respective hashes.
This exploit is based on the OLE remote code execution vulnerability identified as MS14-060 (CVE-2014-4114). It creates a blank PowerPoint show (ppsx) file to exploit the vulnerability. The script will also create the INF file and, with the -m switch, an optional Meterpreter reverse_tcp executable. Alternatively, you can host your own executable payload. Host the INF and GIF (EXE) in an SMB share called 'share'.
MAGMI (MAGento Mass Importer) suffers from a file inclusion vulnerability (RFI) which allows an attacker to upload essentially any PHP file without any sanity checks. This PHP file could then be used to skim credit card data, rewrite files, run remote commands, delete files, etc. Essentially, this gives an attacker the ability to execute remote commands on the vulnerable server.