Explore Vulnerabilities

Explore all Exploits:

Light Audio Player 1.0.14 Memory Corruption PoC

Light Audio Player 1.0.14 has a memory corruption vulnerability. An attacker can exploit it by crafting a malicious .wav file and sending it to the victim. When the victim opens the malicious file, the application crashes.

Arbitrary Upload on BigDump v0.35b

BigDump v0.35b has an arbitrary file upload vulnerability that allows an attacker to upload malicious files and shells using Tamper Data. The vulnerable file is bigdump.php, and the exploit is available at http://host/bigdump.php?start=

Horde Framework Unserialize PHP Code Execution

This module exploits a PHP unserialize() vulnerability in Horde <= 5.1.1 that could be abused to allow unauthenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() call is in the 'lib/Horde/Variables.php' file. The exploit abuses the __destruct() method of the Horde_Kolab_Server_Decorator_Clean class to reach a dangerous call_user_func() call in the Horde_Prefs class.

LifeSize UVC 1.2.6 authenticated vulnerabilities

An authenticated user can execute arbitrary code on the LifeSize UVC 1.2.6 system by sending a specially crafted POST request to the server-admin/operations/diagnose/ping/, server-admin/operations/diagnose/trace/ and server-admin/operations/diagnose/dns/ endpoints. The POST request carries a malicious source_ip parameter containing a command to be executed on the server. The command is executed as the www-data user.

Buffer Overflow in Immunity Debugger 1.85

A buffer overflow vulnerability exists in Immunity Debugger 1.85. The vulnerability is caused by a boundary error when handling user-supplied data. It can be exploited to cause a stack-based buffer overflow by supplying a specially crafted argument to the vulnerable application. Successful exploitation may allow execution of arbitrary code.

OXID eShop v<4.7.11/5.0.11 + v<4.8.4/5.1.4 Multiple Vulnerabilities

Under certain circumstances, an attacker can inject a specially crafted URI or click on a malformed link to exploit a cross-site scripting vulnerability or CRLF injection vulnerability that can theoretically be used to gain unauthorized access to a user account or collect sensitive information about that user.

Wireless Drive v1.1.0 iOS – Multiple Web Vulnerabilities

The local file include web vulnerability allows remote attackers to include local files from the mobile device to compromise the application or mobile device. The vulnerability is located in the `file` value of the `index.php` file. Remote attackers are able to inject their own malicious files to compromise the mobile device or application. The request method used for injection is POST, and the attack vector is located on the application side of the service. The persistent input validation web vulnerability allows remote attackers to inject their own malicious script code into the application side of the service. The vulnerability is located in the `name` value of the `index.php` file. Remote attackers are able to inject their own malicious script code to compromise the application or mobile device. The request method used for injection is POST, and the attack vector is located on the application side of the service.

Quantum DXi V1000 2.2.1 and below Default root user and Known SSH Private Key Vulnerability

The root user has a hardcoded password that is unknown and not changeable. Normally, access is only through the restricted shells. The /etc/shadow file shows the following hash: `root:$1$FGOgdWM7$dac9P0EJgTSX8a4zc4TXJ/:15783:0:99999:7:::`. The /root/.ssh/authorized_keys on the appliance contains the following key (same with every deployment): [DSA private key omitted]. Using the key on a remote system to log in through SSH will give a root shell.

Recent Exploits: