This is a generic exploit for 64-bit nginx which uses a new attack technique (BROP) that does not rely on a particular target binary. It works on any distro and even on installations compiled from source.
The file "/photo/include/blog/article.php" contains a blind SQL injection vulnerability in the 'value' variable in the URL. An attacker can send a specially crafted HTTP request to the vulnerable server in order to exploit this vulnerability.
A three-year-old SQL injection flaw affecting all versions of Trixbox was discovered by i-Hmx. The vulnerable file is /var/www/html/maint/modules/endpointcfg/endpoint_aastra.php. The exploit allows an attacker to gain root access to the system.
MicroP (.mppl) Local Stack Based Buffer Overflow is a vulnerability that allows an attacker to execute arbitrary code by overflowing a buffer on the stack. It is caused by a lack of proper validation of user-supplied input. The exploit code is written in Ruby and uses shellcode to execute arbitrary code. The exploit has been tested on Windows XP SP2.
A SQL injection vulnerability exists in all versions of Trixbox. An attacker can exploit this vulnerability to grab usernames and password hashes from the ampusers table in the asterisk database. This can be done with the Python tool sqlmap, using the following command: python sqlmap.py -u http://localhost/web-meetme/conf_cdr.php?bookId=1 -D asterisk -T ampusers -C username,password --dump --level 4 --risk 4 --no-cast --threads 10
The Ubee ECV3200 does not use anti-CSRF tokens in any of its forms. A proof of concept is provided which uses a form with a hidden input field and an iframe to submit the form. This allows an attacker to execute arbitrary code on the device.
A vulnerability in FreePBX 2.9, 2.10, 2.11, and 12 allows remote attackers to execute arbitrary commands via a crafted request to the admin/config.php script.
A local file inclusion vulnerability was discovered in the ‘kcfinder’ component of vtiger CRM 6.0 RC. This could be exploited to include arbitrary files via directory traversal sequences and subsequently disclose the contents of arbitrary files. The following request is a proof of concept for retrieving the /etc/passwd file from the remote system.
SQL injection has been found and confirmed within the software when accessed as an authenticated user. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database. The following URL and parameters have been confirmed to suffer from blind SQL injection: http[s]://<host>/Resources/System/Templates/Data.aspx?DocID=1&field=JobID&value=1<SQL INJECTION>&JobID=1&ParentDocID=1694&InTab=1&ParentKey=JobNumber&NoStore=1&Popup=1 This vulnerability exists because the ‘value’ variable is not sanitised before it is used as part of an SQL query to retrieve specific job information.
LuxCal v3.2.2 suffers from CSRF and blind SQL injection vulnerabilities. The proof of concept for CSRF is an HTML form with hidden inputs, and for blind SQL injection it is a URL with a malicious payload. No contact from vendor.