This exploit allows an attacker to reset the admin password of a Loftek Nexus 543 IP camera by sending a maliciously crafted HTTP request. This exploit was discovered by an independent security researcher in 2013 and was assigned CVE-2013-3311.
This module exploits a command injection vulnerability in Oracle Endeca Server 7.4.0. The vulnerability exists in the createDataStore method of the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. In addition, the injection has been found to be Windows specific. This module has been tested successfully on Endeca Server 7.4.0.787 on Windows 2008 R2 (64-bit).
Musicbox 2.3.8 is vulnerable to SQL Injection, XSS and Shell Upload. An attacker can exploit these vulnerabilities by sending malicious payloads to the vulnerable parameters. For SQL Injection, the vulnerable parameter is 'id' in the URL 'genre_albums.php?id=[SQLI]'. For XSS, the vulnerable parameters are 'term' and 'details' in the URL 'index.php?in=song&term=[Cross site scripting/XSS]&action=search&start=0' and 'member.php?uname=[YOUR_USERNAME]'. For Shell Upload, the vulnerable parameter is 'action' in the URL 'admin/adminpanel.php?action=artistgallery'. An attacker can upload a malicious shell/backdoor and access it via 'images/artist/shell.php'.
Proof-of-concept code for an integer overflow vulnerability in libtiff versions 3.9.5 and below. The vulnerability is triggered when the TIFFGetField library function is called with a malicious samplesperpixel field value, resulting in a segmentation fault.
The exploit works in 3 stages: 1. Authentication. 2. Setting up shellcode in memory at a known location. 3. Triggering an RA register overwrite to execute the shellcode. This particular model of router is based on the 'embedded Configurable operating system' (eCos) version 2.0. The shellcode used in the exploit is a dummy one that just triggers an exception and crashes the router, forcing it to reboot.
A vulnerability exists in the upload.php file of PhpVibe, which allows an authenticated user to upload malicious files with double extensions such as .php.mp3, .php.mp4, and .php.flv. This allows an attacker to upload malicious files to the uploads folder and execute them.
mooSocial is vulnerable to a directory traversal / local file inclusion vulnerability. As a result, it was possible for an attacker to load webserver-readable files from the local filesystem (and to execute PHP stored on the server).
The DreamMail e-mail client is vulnerable to stored XSS. On either opening or viewing the e-mail, the user will get an annoying alert box. The injection point is the body of the e-mail. The payloads used are different types of XSS with different syntaxes, each of which will pop a message box with the message 'XSS' inside.
A vulnerable Samba daemon has an integer overflow that causes a remote DoS by an nttrans reply while the daemon is reading the ea_list. In detail, the unsigned offset variable in the vulnerable function read_nttrans_ea_list can wrap around. Security bug!
The vulnerability exists due to insufficient validation of HTTP requests passed to the web server. A remote attacker can send a specially crafted HTTP request containing directory traversal sequences (e.g. “..%5c”) and read arbitrary files on the target system with the privileges of the user running the vulnerable web server.