RiteCMS is vulnerable to CSRF, which allows an attacker to change the administrator's password, and to Cross-Site Scripting, which allows an attacker to inject malicious JavaScript code into the application.
This exploit allows a user with uid 0 to gain access to the kernel by writing to the MSR register. It requires CONFIG_X86_MSR and CAP_SYS_NICE to make the race win nearly guaranteed. It is configured to take a hex arg of a dword pointer to set to 0.
This module exploits a command injection vulnerability in PineApp Mail-SeCure 3.70. The vulnerability exists in the livelog.html component, due to the insecure usage of the shell_exec() PHP function. This module has been tested successfully on PineApp Mail-SeCure 3.70.
This module exploits a command injection vulnerability in PineApp Mail-SeCure 3.70. The vulnerability exists in the test_li_connection.php component, due to the insecure usage of the system() PHP function. This module has been tested successfully on PineApp Mail-SeCure 3.70.
A remote attacker can crash EchoVNC Viewer by sending a malformed request. The crash occurs when EchoVNC Viewer allocates a buffer from the heap with the size specified by the malicious server.
The application was found to be vulnerable to a directory traversal attack. The following URL resulted in directory traversal: http://localhost:19000/raframework/ihtml/GetResource?DocUUID=00000122ad09cf47-0000-d521-0aeaf211&DocInstanceID=1&ResourceName=../../../../../../../../../../../../../../../../LFI_HERE
The Better Security WordPress Plugin logs all 404 errors within the 'logs' tab. By purposefully requesting a non-existent page containing an XSS payload, a 404 error will be generated. When the admin clicks on the logs tab, the XSS payload will be triggered and cookies can be stolen, or some onsite request forgery can be carried out to gain admin access.
Multiple vulnerabilities have been found in TP-Link TL-SC3171 [1] IP camera running firmware version LM.1.6.18P12_sign5 that could allow an attacker: (1) to execute arbitrary commands through the file '/cgi-bin/admin/servetest' [CVE-2013-2578], (2) to execute arbitrary commands in a shell using hard-coded credentials [CVE-2013-2579], (3) to perform unauthenticated remote file uploads [CVE-2013-2580], and (4) to perform unauthenticated remote firmware upgrades [CVE-2013-2581]. There are several attack paths that can be exploited by combining these vulnerabilities with other ones discovered by Eliezer Varade Lopez, Javier Repiso Sanchez and Jonas Ropero Castillo [2].
By sending a specially crafted command to the affected routers, the clear text password for the admin account can be extracted, with no authentication required to access the page where it is stored. During the initial setup of these four routers with the affected firmware, the admin password is stored in clear text on the main_internet.php? source code page as the value for 'var pass'. For this bug to be exploitable in a remote network attack, UPnP and remote administrative access (port 8080 is set by default) must be enabled.
The vulnerability exists due to insufficient filtration of the 'c' HTTP GET parameter passed to the '/index.php' script when the HTTP GET 'e' parameter is set to 'rss'. A remote unauthenticated attacker can execute arbitrary SQL commands in the application's database.