Input passed via several parameters is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, and to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
ap-unlock-v1337.py is a Python script that exploits a vulnerability in Apache + PHP 5.* to gain remote code execution. It can be used to connect back to a shell on a given host and port. It is not multithreaded, but it supports random scanning and scanning from a file of targets. It can be adjusted for Windows boxes.
The WB-3300NR Unicorn Router suffers from numerous CSRF vulnerabilities. Considering that by default the administrative pages do not require authentication, countless exploits exist. The PoC code demonstrates that with CSRF and XSS, it might be possible to obtain the WPA password.
Textmaker suffers from improper handling of crafted TMW files, which leads to memory corruption. Opening "PoC.tmw" with Softmaker Office Textmaker 2012 is enough to reproduce the vulnerability.
XAMPP is a platform-independent, free software server package that mainly consists of the MySQL database, the Apache web server and interpreters for the PHP and Perl scripting languages. An attacker may execute arbitrary SQL statements on the vulnerable system, compromising the integrity of the database and/or exposing sensitive information. The vulnerable file is cds.php and the parameter is 'jahr='. A time-based proof of concept is http://127.0.0.1/xampp/cds.php?jahr=1967 AND sleep(3)&interpret=1&titel=555-666-0606 : the page answers roughly three seconds late when the injected SLEEP() runs, which confirms the injection even though the response shows nothing else.
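The cds.php?jahr= vector above and the unsanitised-parameter flaw in the first entry are the same pattern: a request parameter concatenated into SQL text. The following Python script is an added example, not code from XAMPP or from either advisory. It models the flaw and its fix against an in-memory SQLite table (the table and column names cds, titel, interpret and jahr are assumptions, and a registered sleep() function stands in for MySQL's SLEEP() at 1/50 scale) and performs the same blind time-based check the PoC URL relies on, then shows that the parameterised version neither leaks rows nor delays.

```python
import sqlite3
import time

# Scaled-down stand-in for MySQL's SLEEP(n): pauses n * SLEEP_SCALE seconds and returns 0,
# the value MySQL's SLEEP() yields, so "jahr = 1967 AND sleep(3)" is false for every row.
SLEEP_SCALE = 0.02


def _fake_sleep(seconds):
    time.sleep(seconds * SLEEP_SCALE)
    return 0


# Constructed catalogue standing in for the table cds.php reads. The table and column
# names are assumptions; the advisory only names the script and its 'jahr' parameter.
ROWS = [
    ("Abbey Road", "The Beatles", 1969),
    ("Sgt. Pepper's Lonely Hearts Club Band", "The Beatles", 1967),
    ("The Doors", "The Doors", 1967),
    ("Kind of Blue", "Miles Davis", 1959),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.create_function("sleep", 1, _fake_sleep)
    conn.execute("CREATE TABLE cds (titel TEXT, interpret TEXT, jahr INTEGER)")
    conn.executemany("INSERT INTO cds VALUES (?, ?, ?)", ROWS)
    return conn


def search_vulnerable(conn, jahr):
    # The flaw the advisory describes: the request parameter is pasted into the SQL text,
    # so anything after the number ("OR 1=1", "AND sleep(3)") is parsed as SQL.
    sql = f"SELECT titel, interpret, jahr FROM cds WHERE jahr = {jahr}"
    return conn.execute(sql).fetchall()


def search_parameterized(conn, jahr):
    # The fix: the value travels as a bound parameter and is never parsed as SQL.
    # A non-numeric string simply fails to match the INTEGER column.
    sql = "SELECT titel, interpret, jahr FROM cds WHERE jahr = ?"
    return conn.execute(sql, (jahr,)).fetchall()


def _timed(fn, *args):
    start = time.perf_counter()
    rows = fn(*args)
    return rows, time.perf_counter() - start


def is_time_injectable(conn, search, baseline="1967", payload="1967 AND sleep(3)"):
    """Blind, time-based check in the style of the advisory's PoC URL: compare the
    response time of a benign value with one carrying a SLEEP() and report whether
    the delay shows up. No row content is needed, which is why this works even when
    the page prints nothing useful."""
    _, t_base = _timed(search, conn, baseline)
    _, t_payload = _timed(search, conn, payload)
    # Expect at least two thirds of one scaled SLEEP(3). The function may run once per
    # row the engine evaluates it on, so a real server can wait a multiple of 3 s.
    return (t_payload - t_base) >= 3 * SLEEP_SCALE * 2 / 3


if __name__ == "__main__":
    conn = make_db()
    print("benign      :", search_vulnerable(conn, "1967"))
    print("OR 1=1      :", search_vulnerable(conn, "1967 OR 1=1"))
    print("AND sleep(3):", search_vulnerable(conn, "1967 AND sleep(3)"))
    print("vulnerable time-injectable:", is_time_injectable(conn, search_vulnerable))
    print("fixed time-injectable     :", is_time_injectable(conn, search_parameterized))
```

The "OR 1=1" case shows why the advisory rates this as a database compromise rather than a timing curiosity: the same concatenation that lets SLEEP() run lets an attacker widen the WHERE clause or append a UNION, and the parameterised query refuses all of it without any sanitisation logic.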
This is a code execution bug in the combination of Apache and PHP. On Debian and Ubuntu the vulnerability is present in the default install of the php5-cgi package. When php5-cgi is installed on Debian or Ubuntu, or php-cgi is installed manually, the php-cgi binary is reachable under /cgi-bin/php5 and /cgi-bin/php. Requesting the binary directly is normally refused: when installed with the Apache HTTP server, php-cgi performs a security check that blocks such requests and does not execute, and the exploit circumvents that check. In the PHP source file sapi/cgi/cgi_main.c the check only runs when the php.ini setting cgi.force_redirect is enabled and no redirect-status environment variable (the one named by cgi.redirect_status_env, or the default) is present, so altering those two settings disables it. Because getopt processes the command line before the check is reached, both cgi.force_redirect and cgi.redirect_status_env can be set to zero with the -d switch. The query string reaches the command line because the CGI specification requires a query string that contains no '=' to be passed to the script as command-line arguments, split on '+', which is why the '=' in each -d assignment must be URL-encoded. Once both values are zero, php-cgi runs fully and the PHP payload supplied in the POST body is executed, so arbitrary programs can be run on the system.
Multiple remote SQL injection web vulnerabilities were detected in the official GTX Content Management System 2013 web application. The vulnerability allows remote attackers to inject their own SQL commands without authorisation and compromise the web application or the web server's DBMS.
A persistent input validation web vulnerability was detected in the Olat Content Management System v7.8.0.1 (b20130821-N1) web application. It allows remote attackers to inject their own malicious script code on the application side of the online service. The vulnerability is located in the `Calender` module: remote attackers can inject script code via the `title` value of the `calender` module, and the code executes when the `calender` module is displayed. The request method for the injection is POST and the attack vector is persistent.
Horde Groupware Webmail Edition is a free, enterprise-ready, browser-based communication suite. Several functions in the Rules section were found to lack the anti-CSRF token. Proof-of-concept code was provided to demonstrate the vulnerability. The affected functions are creating, updating, enabling and deleting a rule.
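The php-cgi entry above describes the mechanism in prose; the following Python script is an added example (not the exploit the entry refers to, and not Apache's or PHP's code) that models it: how a query string without '=' becomes php-cgi's argv, how the two -d overrides have to be encoded to survive that rule, what getopt then sees, and a check over constructed Apache access-log lines that flags such requests. The request body carrying the PHP payload is not modelled.

```python
import re
from urllib.parse import quote, unquote


def cgi_argv_from_query(query_string):
    """Model of the rule in RFC 3875 section 4.4 that Apache's mod_cgi follows: a query
    string containing no unencoded '=' is split on '+', each piece is URL-decoded and
    the pieces become the script's argv. A query string with an '=' yields no argv."""
    if "=" in query_string:
        return []
    return [unquote(part) for part in query_string.split("+") if part]


def build_php_cgi_query(ini_overrides):
    """Encode php.ini overrides as '-d key=value' words for the query string. Each '='
    is percent-encoded so it does not switch off argv passing. Assumption: the advisory
    names only the two cgi.* settings; this request shape is the example's own."""
    words = []
    for key, value in ini_overrides:
        words.append("-d")
        words.append(quote(f"{key}={value}", safe=""))
    return "+".join(words)


def parse_ini_defines(argv):
    """Collect the '-d key=value' pairs the way php-cgi's getopt loop would see them."""
    settings = {}
    i = 0
    while i < len(argv):
        if argv[i] == "-d" and i + 1 < len(argv):
            key, _, value = argv[i + 1].partition("=")
            settings[key] = value
            i += 2
        else:
            i += 1
    return settings


def force_redirect_check_bypassed(argv):
    """The security check in cgi_main.c runs only when cgi.force_redirect is enabled;
    an argv that sets it to 0 before the check is reached defeats it."""
    return parse_ini_defines(argv).get("cgi.force_redirect") == "0"


# Constructed Apache access-log lines (not real traffic) used to show detection.
LOG_LINES = [
    '10.0.0.5 - - [10/Sep/2013:12:00:01 +0000] "GET /index.php?page=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Sep/2013:12:00:02 +0000] "POST /cgi-bin/php?-d+cgi.force_redirect%3D0'
    '+-d+cgi.redirect_status_env%3D0 HTTP/1.1" 200 1024',
    '10.0.0.5 - - [10/Sep/2013:12:00:03 +0000] "GET /cgi-bin/php5?-s HTTP/1.1" 200 3000',
]

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>[^ ?"]+)(?:\?(?P<qs>[^ "]*))? HTTP/')


def suspicious_cgi_requests(log_lines):
    """Flag requests whose query string would be handed to the script as option-looking
    argv words; that is the signature of this bug whatever settings are being pushed."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or not m.group("qs"):
            continue
        argv = cgi_argv_from_query(m.group("qs"))
        if any(word.startswith("-") for word in argv):
            hits.append((m.group("path"), argv))
    return hits


if __name__ == "__main__":
    qs = build_php_cgi_query([("cgi.force_redirect", "0"),
                              ("cgi.redirect_status_env", "0")])
    print("query string  :", qs)
    argv = cgi_argv_from_query(qs)
    print("php-cgi argv  :", argv)
    print("check bypassed:", force_redirect_check_bypassed(argv))
    for path, words in suspicious_cgi_requests(LOG_LINES):
        print("suspicious    :", path, words)
```

The first log line is ignored because its query string contains an '=' and therefore never reaches argv; the other two decode to dash-prefixed words, which is the condition worth alerting on at the web tier, independent of which php.ini settings an attacker chooses to push.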
A vulnerability in WatchGuard Firewall XTM version 11.7.4u1 allows an attacker to remotely execute arbitrary code by sending a specially crafted HTTP request containing a malicious sessionid cookie.