The application doesn't sanitize file extension or content in the Logo Editing module. The vulnerability allows a remote attacker to upload files via POST method with multiple extensions and access them remotely.
An arbitrary file upload web vulnerability is detected in the CodeCanyon WordPress plugin Complete Gallery Manager v3.3.3 web application. The vulnerability allows remote attackers to upload files with multiple extensions via the POST method and then access them without authorization on the application side of the service. The vulnerability is located in the /plugins/complete-gallery-manager/frames/ path, where the upload-images.php file processes uploads of an attacker's own malicious content or webshells.
This proof of concept checks whether a file exists on the victim's machine or displays the contents of an environment variable. It uses the OpenTextFile member of DXVLauncherLib.McKLauncher, which returns an object if the file exists, and the GetEnvironmentVariable member to display the contents of the environment variable.
The Vino VNC server, which is also the default VNC server in Ubuntu (3.4.2-0ubuntu1.2), is vulnerable to a persistent denial of service vulnerability. The vulnerability is triggered when a VNC client that claims to support only protocol version 3.3 sends malformed data during the authentication selection stage of the authentication process. If this process is repeated more than just a couple of times, it causes the Vino VNC server to fall into what appears to be an infinite loop, visible in the service logs as repeating "Authentication deferred - ignoring client message" messages. This affects not only the connecting client IP but also service-level availability for all potential VNC clients: the service fails to handle any new VNC client requests regardless of client IP.
This module exploits a path traversal flaw in the HP ProCurve Manager SNAC Server. The vulnerability in the UpdateCertificatesServlet allows an attacker to upload arbitrary files, with the caveat that binary writes aren't allowed. Additionally, authentication can be bypassed in order to upload the file. This module has been tested successfully on the SNAC server installed with HP ProCurve Manager 4.0.
This module exploits a path traversal flaw in the HP ProCurve Manager SNAC Server. The vulnerability in the UpdateDomainControllerServlet allows an attacker to upload arbitrary files, with the caveat that binary writes aren't allowed. Additionally, authentication can be bypassed in order to upload the file. This module has been tested successfully on the SNAC server installed with HP ProCurve Manager 4.0.
This module exploits a directory traversal vulnerability in Agnitum Outpost Internet Security 8.1. The vulnerability exists in the acs.exe component, allowing the user to load arbitrary DLLs through the acsipc_server named pipe and ultimately execute arbitrary code with SYSTEM privileges.
This module exploits a command injection vulnerability in Sophos Web Protection Appliance 3.7.9, 3.8.0 and 3.8.1. The vulnerability exists in the sblistpack component, reachable from the web interface without authentication. This module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.
This module abuses a command injection in the clear_keys.pl Perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the 'spiderman' user to 'root'. This module is useful for post-exploitation of vulnerabilities in the Sophos Web Protection Appliance web UI, which runs as the 'spiderman' user. This module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.
The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 contains a memory corruption vulnerability that allows the "dataOffsets[]" boundary checks to be bypassed when the "numDataElements" field is 0. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious web page.