This exploit requires the user to be the Apache user, or another user capable of running lxsuexec. It sets the MUID and GID to those of the LXLABS user and sets TARGET to /bin/sh. It then creates two files in /tmp, w00trc and lol, and finally runs lxsuexec on the lol file.
GetSimpleCMS version 3.2.1 suffers from an arbitrary file upload vulnerability that allows an attacker to upload an HTML page. The root cause is that the application uses a blacklist to compare the file against a list of forbidden MIME types and extensions. To exploit it, we create a file with multiple extensions, for example 'exploit.html.fr'. The application checks the file's MIME type and its extension, which it takes to be 'fr', against the blacklist arrays; 'fr' is of course not in the blacklist, so the file is uploaded successfully. The uploaded file is placed under the 'data/uploads/' folder. Note that on an Apache server with mod_mime's default language mappings, 'exploit.html.fr' is still served as text/html, since 'fr' is treated as a language suffix rather than as the file type, so the uploaded page renders in a victim's browser.
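The check described above, modelled in Python as an added example (this is not GetSimpleCMS's own code; the blacklist, allowlist and magic-byte table are constructed for the demonstration). The vulnerable variant looks only at the trailing suffix and at the client-supplied MIME type, which the attacker controls through the multipart Content-Type header; the hardened variant uses an allowlist, inspects every suffix in the name, and confirms the file's leading bytes match the declared type.

```python
import os

# Added example, not GetSimpleCMS's code. The lists below are constructed for
# the demonstration; the application's real arrays are not reproduced here.
BLACKLIST_EXTENSIONS = {"php", "phtml", "php3", "html", "htm", "js", "exe"}
BLACKLIST_MIMETYPES = {"text/html", "application/x-httpd-php", "application/javascript"}

# Allowlist for the hardened check (assumption: the site only needs images and PDFs).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}
ALLOWED_MIMETYPES = {"image/jpeg", "image/png", "image/gif", "application/pdf"}

# Leading bytes a file of each allowed type must start with.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}


def last_extension(filename):
    """The single trailing suffix, which is all the naive check looks at
    ('fr' for 'exploit.html.fr')."""
    base = os.path.basename(filename)
    return base.rsplit(".", 1)[1].lower() if "." in base else ""


def all_extensions(filename):
    """Every suffix after the base name (['html', 'fr'] for 'exploit.html.fr')."""
    parts = os.path.basename(filename).split(".")
    return [p.lower() for p in parts[1:]]


def vulnerable_upload_check(filename, claimed_mime):
    """Blacklist on the last extension and on the client-supplied MIME type,
    the pattern the summary describes. Returns True if the upload is accepted."""
    if last_extension(filename) in BLACKLIST_EXTENSIONS:
        return False
    if claimed_mime in BLACKLIST_MIMETYPES:
        return False
    return True


def hardened_upload_check(filename, claimed_mime, head):
    """Allowlist instead of blacklist: every suffix in the name must be allowed,
    the MIME type must be one we intend to serve, and the first bytes of the
    content (head) must match the magic for the final extension."""
    exts = all_extensions(filename)
    if not exts or any(e not in ALLOWED_EXTENSIONS for e in exts):
        return False
    if claimed_mime not in ALLOWED_MIMETYPES:
        return False
    return head.startswith(MAGIC[exts[-1]])


if __name__ == "__main__":
    print(vulnerable_upload_check("exploit.html", "text/html"))               # False: caught
    print(vulnerable_upload_check("exploit.html.fr", "text/plain"))           # True: bypass
    print(hardened_upload_check("exploit.html.fr", "text/plain", b"<html>"))  # False
```

The hardened check still trusts nothing the client sends on its own: the declared MIME type must agree with an allowlisted extension, and the extension must agree with the bytes actually uploaded, so neither a renamed file nor a spoofed Content-Type gets through.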
Lan Messenger version 1.2 is vulnerable to a buffer overflow that is triggered when a user pastes a string of 2000 'A' characters into the Public Chat's send PM field or into any window used to send a PM to other users.
MoinMoin is a popular wiki engine written in Python. A vulnerability in the software allows an attacker to execute arbitrary commands on the server: a specially crafted request containing malicious code is sent to the server, where the code is executed, giving the attacker access to the system.
High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in b2evolution that can be exploited to alter SQL queries passed to the vulnerable application's database. A remote authenticated administrator can execute arbitrary SQL commands in the application's database. Depending on the database and system configuration (the database user needs MySQL's FILE privilege, and the target directory must be permitted by secure_file_priv), the PoC code below will create a "/tmp/file.txt" file containing the MySQL version. The vulnerability is also exploitable via a CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks.
During a penetration test, a typical misconfiguration was found in the way Dovecot is used as a local delivery agent by Exim. A common setup for the Dovecot IMAP and POP3 server is to use it as the local delivery agent for Exim. The Dovecot documentation contains an example that uses a dangerous configuration option for Exim, which leads to a remote command execution vulnerability in Exim.
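The summary names neither the option nor the injection point, so the following added example (not Exim's or Dovecot's code) models only the mechanism, under one assumption: the dangerous option causes the MTA to hand the delivery command, with the expanded mail address interpolated into it, to /bin/sh rather than exec'ing the agent with an argument vector. /bin/echo stands in for the delivery agent and the address is constructed; the example assumes a POSIX system with /bin/sh.

```python
import os
import subprocess
import tempfile

# Added example, not Exim's or Dovecot's code. Assumption: the dangerous option
# makes the MTA run "<agent> <address>" through /bin/sh instead of exec'ing the
# agent with an argv list. /bin/echo stands in for the real delivery agent.
DELIVERY_AGENT = "/bin/echo"


def deliver_via_shell(address):
    """Command assembled as one string and run by /bin/sh: quotes, $(...) and
    backticks inside the address are interpreted by the shell."""
    cmd = f"{DELIVERY_AGENT} {address}"
    result = subprocess.run(["/bin/sh", "-c", cmd], capture_output=True, text=True)
    return result.stdout.strip()


def deliver_via_argv(address):
    """Same delivery, but the agent is exec'd with an argument vector: the
    address is one opaque argument and no shell ever sees it."""
    result = subprocess.run([DELIVERY_AGENT, address], capture_output=True, text=True)
    return result.stdout.strip()


def demo():
    """Run both variants with a constructed address carrying a shell command
    substitution and report whether the embedded command actually ran."""
    marker_dir = tempfile.mkdtemp()
    marker = os.path.join(marker_dir, "pwned")
    # Constructed attacker-controlled address: $( ) is a command substitution.
    address = '"$(touch %s)"@example.com' % marker
    outcome = {}
    outcome["shell_output"] = deliver_via_shell(address)
    outcome["shell_ran_payload"] = os.path.exists(marker)
    if outcome["shell_ran_payload"]:
        os.remove(marker)
    outcome["argv_output"] = deliver_via_argv(address)
    outcome["argv_ran_payload"] = os.path.exists(marker)
    os.rmdir(marker_dir)
    return outcome


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the shell path the substitution runs, touches the marker file and leaves the agent with just "@example.com"; with the argv path the agent receives the literal string and nothing else executes. Whatever the specific Exim option, the fix is the same: never let a shell parse a command line that contains untrusted mail addresses.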
This module exploits a buffer overflow in AudioCoder 0.8.18. The vulnerability is triggered when adding an .m3u playlist, allowing arbitrary code execution with the privileges of the user running AudioCoder. The module has been tested successfully on AudioCoder 0.8.18.5353 on Windows XP SP3 and Windows 7 SP1.
The Huawei SNMPv3 service running on the affected devices is vulnerable to multiple stack-based buffer overflows, which can be exploited by unauthenticated remote attackers. The issues concern Huawei's implementation of the SNMPv3 User-based Security Model (USM [1]). Specifically, attackers can overflow the 'AuthoritativeEngineID' and 'UserName' fields of the USM security parameters. Both fields sit in the msgSecurityParameters header, which the receiver must decode before it can look up the user and verify authentication, which is why no credentials are needed to reach the vulnerable code. The vulnerabilities we identified can be classified by exploitation context: some issues can be triggered only when SNMP debugging is enabled, while others are exploitable in the default device configuration.
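To make the two fields concrete, here is an added example (not Huawei's code and not taken from any SNMP stack): a minimal BER encoder and decoder for the UsmSecurityParameters SEQUENCE of RFC 3414, plus a length check that flags a msgAuthoritativeEngineID or msgUserName outside the sizes the specification allows. The sample values are constructed; the encoder doubles as a way to produce oversized test cases for a receiver under test, and the decoder with its limit check is the validation a robust receiver should do before touching either field.

```python
# Added example, not Huawei's or any SNMP stack's code: BER encode/decode of
# UsmSecurityParameters (RFC 3414) with a length check on the two fields the
# advisory names. All sample values are constructed.
ENGINE_ID_RANGE = (5, 32)   # SnmpEngineID is OCTET STRING (SIZE(5..32)), RFC 3411
USER_NAME_MAX = 32          # msgUserName is OCTET STRING (SIZE(0..32)), RFC 3414


def ber_length(n):
    """Definite-form BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, content):
    return bytes([tag]) + ber_length(len(content)) + content


def ber_integer(value):
    """Non-negative INTEGER in minimal two's-complement form."""
    if value < 0:
        raise ValueError("only non-negative values are used here")
    return ber_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def ber_octets(data):
    return ber_tlv(0x04, data)


def encode_usm(engine_id, boots, time, user_name, auth_params=b"", priv_params=b""):
    """Build the UsmSecurityParameters blob that travels inside the SNMPv3
    message's msgSecurityParameters OCTET STRING."""
    return ber_tlv(0x30, b"".join([
        ber_octets(engine_id),
        ber_integer(boots),
        ber_integer(time),
        ber_octets(user_name),
        ber_octets(auth_params),
        ber_octets(priv_params),
    ]))


def ber_read(buf, pos):
    """Read one TLV at pos; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_usm(blob):
    """Parse the SEQUENCE into a dict; reject anything that is not six fields
    with the expected tags."""
    tag, body, _ = ber_read(blob, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        tag, content, pos = ber_read(body, pos)
        fields.append((tag, content))
    if [t for t, _ in fields] != [0x04, 0x02, 0x02, 0x04, 0x04, 0x04]:
        raise ValueError("malformed UsmSecurityParameters")
    return {
        "engine_id": fields[0][1],
        "boots": int.from_bytes(fields[1][1], "big"),
        "time": int.from_bytes(fields[2][1], "big"),
        "user_name": fields[3][1],
        "auth_params": fields[4][1],
        "priv_params": fields[5][1],
    }


def check_usm_limits(params):
    """Return the list of size violations. A zero-length engineID and user name
    are legitimate during engineID discovery (RFC 3414 section 4), so only a
    non-empty engineID is held to the 5..32 range."""
    problems = []
    eid_len, (lo, hi) = len(params["engine_id"]), ENGINE_ID_RANGE
    if eid_len != 0 and not lo <= eid_len <= hi:
        problems.append(f"msgAuthoritativeEngineID length {eid_len} outside {lo}..{hi}")
    user_len = len(params["user_name"])
    if user_len > USER_NAME_MAX:
        problems.append(f"msgUserName length {user_len} exceeds {USER_NAME_MAX}")
    return problems


if __name__ == "__main__":
    # Constructed: an RFC 3411 format-1 style engineID and a short user name.
    good = encode_usm(b"\x80\x00\x1f\x88\x80\x01\x02\x03", 1, 2, b"admin")
    print(check_usm_limits(decode_usm(good)))                          # []
    big = encode_usm(b"A" * 300, 0, 0, b"B" * 300)                     # oversized test case
    print(check_usm_limits(decode_usm(big)))                           # two violations
```

The check deliberately accepts the empty engineID and user name, because a strict 5..32 rule would reject every legitimate discovery request; a receiver that enforces these bounds before copying either field into a fixed-size stack buffer is not reachable by the oversized case above.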
This module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CGenericElement object is freed but a reference to it is kept on the Document and used again during rendering; the freed memory, which the attacker can control, is then used, allowing arbitrary code execution in the context of the current user.
Reflected XSS and LFI bugs in the Cisco Linksys E4200 wireless router firmware version 1.0.05 build 7 were discovered by our researchers in January 2013 and finally acknowledged by Linksys in April 2013. The vendor is unable to patch the vulnerability in a reasonable timeframe. This document introduces and discusses the vulnerability and provides Proof-of-Concept (PoC) zero-day (0D) code examples for firmware L version 1.10, released on July 9, 2012, and prior versions.