
Explore Vulnerabilities

Explore all Exploits:

vBulletin 4.0.x => 4.1.2 AUTOMATIC SQL Injection exploit

This exploit allows an attacker to gain access to the database of a vulnerable vBulletin 4.0.x to 4.1.2 website. It works by sending a malicious POST request to the search.php page with a crafted query parameter. The exploit can extract the username, email, password and salt of a given userid.

Syslog LogAnalyzer 3.6.5 Stored XSS

It was found that an XSS injection is possible on a syslog server running LogAnalyzer version 3.6.5. By changing the hostname of any entity logging to the syslog server with LogAnalyzer to <script>alert("xss")</script> and sending an arbitrary syslog message, client-side script injection is possible.

WordPress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection

WordPress Huge-IT Image Gallery 1.0.1 is vulnerable to an authenticated SQL injection vulnerability. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious payload to the vulnerable parameter 'removeslide' in the 'gallery_func.php' file. This can allow an attacker to execute arbitrary SQL commands on the underlying database.

ManageEngine EventLog Analyzer Multiple Vulnerabilities

ME EventLog Analyzer contains an 'agentUpload' servlet which is used by Agents to send log data to the server. This servlet is accessible without authentication and allows an attacker to upload arbitrary files to the server. This can be used to upload a malicious JSP file and execute arbitrary code on the server. The same servlet also allows an attacker to download arbitrary files from the server. The product also contains a SQL injection vulnerability, which allows an attacker to execute arbitrary SQL queries on the server, and a command injection vulnerability, which allows an attacker to execute arbitrary commands on the server.

Arbitrary file upload / remote code execution in ManageEngine Desktop Central / Desktop Central MSP

There are several vulnerable servers out there if you know the Google dorks. Quoting the author of the Internet Census 2012: 'As a rule of thumb, if you believe that 'nobody would connect that to the Internet, really nobody', there are at least 1000 people who did.' These vulnerabilities can be abused to achieve remote code execution as SYSTEM in Windows. I've updated the desktopcentral_file_upload Metasploit module to use the new statusUpdate technique. Needless to say, owning a Desktop Central box will give you control of all the computers and smartphones it manages.

WordPress Slideshow Gallery plugin Remote Shell Upload Vulnerability

The Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability. This bug allows an attacker to upload any PHP file remotely to the vulnerable website (administrator by default). I have tested and verified that having the current version of the plugin installed in a WordPress installation will allow any registered user (Administrator, Editor, Author, Contributor and Subscriber) to upload a PHP shell to exploit the host system.

WordPress CuckooTap Theme & eShop Arbitrary File Download

Multiple WordPress themes are vulnerable to an arbitrary file download vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This can allow an attacker to download any file from the server, including sensitive files such as wp-config.php, which contains the database credentials.

F5 Solution Unauthenticated Rsync Access Vulnerability

When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. The BigIP platform configures an rsync daemon listening on the ConfigSync interfaces when the system is configured in a failover mode. The rsync daemon as currently configured does not require any authentication, and the “cmi” module has complete read/write access to the system. If the ConfigSync IP addresses are accessible by a malicious third party, it is possible to upload an authorized_keys file directly into the /var/ssh/root directory and then open a root SSH session on the F5 device.

HTML Help Workshop – (SEH) Buffer Overflow

HTML Help Workshop is prone to a buffer overflow vulnerability when handling specially crafted input. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This vulnerability affects HTML Help Workshop version 1.4.

Recent Exploits: