This exploit is based on sd's exploit and supports more targets. It uses the perf_event_open syscall to open a file descriptor and then maps memory to the address space. It then replaces the uid and gid with 0 and then triggers the exploit.
WinRadius 2.11 is vulnerable to a Denial of Service attack. An attacker can send a crafted packet with a length of 44 bytes to the WinRadius server on port 1812, causing the server to crash. The packet contains a code of 01, a packet identifier of 0xff, a length of 0x002c, an authenticator of 0xd1568a38fbea4a40b78aa27a8f3eae23, a User-Name of 0x01066164616d, a User-Password of 0x02fffff013 and a password of 0xf013577e481e55aa7d296d7a88188921.
There is a CSRF vulnerability in the Buffalo WZR-HP-G300NH2 that lets anyone easily change or manipulate the admin username and password. The change is made with a POST request, so anyone can craft a malicious HTML form that sends a specially crafted POST request to the router; when the form is executed, the router's username and password can be changed to anything.
An attacker might execute arbitrary SQL commands on the database server with this vulnerability. User-tainted data is used when creating the database query that will be executed on the database management system (DBMS). An attacker can inject their own SQL syntax and thus read, insert or delete data in the database.
Network Weathermap 0.97C and lower versions contain a flaw that allows a local file inclusion attack. This flaw exists because the application does not properly sanitise the parameter 'mapname' in the editor.php file. This allows an attacker to create a specially crafted URL to include any '.config' file on the web server; the '.config' restriction filter can be bypassed with a PHP bug. editor.php must be enabled for successful exploitation.
The WordPress plugin 'WP-SendSMS 1.0' suffers from a CSRF vulnerability which can be successfully exploited to trigger a stored XSS vulnerability, which in turn sends the logged-in WordPress user's cookie to the attacker's website. An attacker can also exploit this CSRF vulnerability to change SMS Settings.
concrete5 v5.6.1.2 suffers from multiple CSRF vulnerabilities, one of which allows an attacker to modify 'SMTP Settings' and 'Send Mail Method', available at http://127.0.0.1/concrete5.6.1.2/concrete5.6.1.2/index.php/dashboard/system/mail/method/
Exploit for hosts which use a network device driver that pads Ethernet frames with data which varies from one packet to another, likely taken from kernel memory, system memory allocated to the device driver, or a hardware buffer on its network interface card. The exploit uses scapy with either ICMP or ARP requests, as the leak can be triggered with either, but ICMP can hit layer 3 filtering rules. With ARP, the padding appears to leak only fixed constant values when exploited; ICMP leaks random bytes.
The vulnerability is caused by improper sanitization of the 'file' parameter when used for reading help files. An attacker can exploit this vulnerability by directly requesting a '.jsp' file, for example in the root directory of the server, to view its source code, which might reveal sensitive information.
A denial of service vulnerability exists in Quick TFTP Server 2.2 due to a lack of proper input validation. An attacker can send a specially crafted packet with a large file name to the server, causing the application to crash.