This module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability present in the SOAPAction HTTP header handling.
A memory corruption vulnerability was found in Mac OSX Directory Service. By sending a maliciously crafted message, a remote attacker could cause the directory server to terminate or execute arbitrary code with system privileges. The issue existed in the directory server's handling of messages from the network.
ruubikcms is vulnerable to path traversal in 'tinybrowser.php'. When logged in with any user account, changing the path in the URL displays the list of file and directory names present on the server. The same vulnerability can also be used to create folders on the server at a path of the attacker's choice.
A Denial of Service vulnerability exists in PEStudio Version 3.69 due to a memory corruption issue in the peparser.dll module. The vulnerability can be triggered by passing a specially crafted argument to the vulnerable function. This can result in a crash of the application.
An attacker might include local or remote PHP files or read non-PHP files with this vulnerability. User-tainted data is used when creating the name of the file that will be included into the current file. PHP code in this file will be evaluated; non-PHP code will be embedded in the output. This vulnerability can lead to full server compromise.
RedTeam Pentesting GmbH found a vulnerability in Exim which allows for remote command execution. An exploit was written by eKKiM which allows for a Perl reverse shell to be uploaded to a webserver and executed. The Perl reverse shell's MY_CONNECTBACK_IP and MY_CONNECTBACK_PORT values must be edited, and the PERL_SHELL variable must be set to the connectback script URL.
The Netgear RangeMax Wireless Router (model WPN824v3) allows the config file to be downloaded without authorization. The vulnerability can be exploited with your browser: http://[local-ip]/cgi-bin/NETGEAR_wpn824v3.cfg. If remote management is enabled: http://[remote-ip]:8080/cgi-bin/NETGEAR_wpn824v3.cfg
This exploit allows an attacker to remotely dump files from a Seowonintech router running firmware version 2.3.9 or lower. The exploit is written in Perl and uses the LWP::Simple module to connect to the router and retrieve the contents of the requested file. The exploit is triggered by passing the full path of the file to be dumped as an argument to the script.
This app is vulnerable to SQL injection and XSS. An attacker can use the UNION SELECT statement to inject malicious code into the login.php page and drop a web shell on the server. The web shell can be used to execute arbitrary commands on the server.
When ModSecurity receives a request body with a size bigger than the value set by the 'SecRequestBodyInMemoryLimit' and with a 'Content-Type' that has no request body processor mapped to it, ModSecurity will systematically crash on every call to 'forceRequestBodyVariable' (in phase 1).