NRPE <= 2.15 Remote Command Execution Vulnerability is a vulnerability in the Nagios Remote Plugin Executor (NRPE) which allows an attacker to execute arbitrary commands on the vulnerable system. Discovered by Dawid Golunski, this vulnerability is rated as high severity with a CVSS score of 9.0. It affects versions of NRPE from 2.15 and below. The vulnerability can be exploited by sending a maliciously crafted packet to the NRPE service. The pyOpenSSL library is required to exploit this vulnerability. Mitigation for this vulnerability includes upgrading to a version of NRPE that is not affected by this vulnerability.
This exploit is related to an unspecified vulnerability in Adobe Flash Player. The vulnerability is exploited by a malicious SWF file embedded in a web page. The malicious SWF file is used to create a heap spray which is used to overwrite the return address of a function and execute arbitrary code. The vulnerability is triggered when the user visits a malicious web page.
Ploticus is a software package for generating graphs and plots. It is vulnerable to command injection due to improper sanitization of user input. An attacker can inject arbitrary commands into the 'device' parameter of the Ploticus script, which is then executed on the server.
This exploit is used to inject a command into the ActualAnalyzer application. The command is loaded into a dummy variable and then executed with backticks. The exploit is tested on the Lite version of the application.
DeviceExpert is a web–based, multi vendor network change, configuration and compliance management (NCCCM) solution for switches, routers, firewalls and other network devices. A vulnerability was discovered in the product which allowed for user credential disclosure without any authentication or other information needed. The passwords are a salted MD5 hash. Affected versions are UNFIXED as of 27/08/2014 - current version 5.9 build 5980 is vulnerable, older versions likely vulnerable.
This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs.
This exploit allows an authenticated user to upload a malicious file to the Plogger application. The exploit creates a poisoned gift, which is a zip file containing a malicious PHP file and a true image file. The malicious file is uploaded to the Plogger application and can be accessed by the attacker.
A Local File Inclusion vulnerability exists in the WordPress ShortCode Plugin, version 0.2.3, which allows an attacker to include a file from the local system. The vulnerability is due to the 'file' parameter in the 'force-download.php' script not properly sanitizing user input. An attacker can exploit this vulnerability by sending a crafted HTTP request containing directory traversal characters (e.g., '../') to the vulnerable script. This can allow the attacker to include and execute arbitrary files from the local system.
An attacker creates a malicious page as shown below and uploads it on a server under attacker's control. When a WordPress administrator visits the malicious page above, a JavaScript code which prompts administrator's cookies will be saved on the victim's website. The attacker could send the URL pointing to the malicious webpage in an email or posting it on a website.
A buffer overflow vulnerability in the glibc library's __gconv_translit_find() function can be exploited to gain arbitrary code execution. The vulnerability is caused by a lack of proper bounds checking when processing environment variables. An attacker can exploit this vulnerability by setting a specially crafted environment variable before executing a vulnerable program. This will cause the program to crash, or potentially execute arbitrary code, when the __gconv_translit_find() function is called.
Services By CQR