A PMA user is able to execute arbitrary PHP code on the web server by supplying the parameters "from_prefix" and "to_prefix" while logged in as a valid PMA user, when the PHP version is < 5.4.7.
There is a SQL injection vulnerability in the ITSM component of the Supportworks Application. The vulnerable file is calldiary.php, found in the /reports folder of the webroot. The following URL demonstrates the issue: http://vulnhost.com/reports/calldiary.php?callref=VULN. This attack can be used to take full control of the host by writing a PHP webshell document (using MySQL 'into outfile') to the webroot.
This module exploits a vulnerability found in GroundWork 6.7.0. This software is used for network, application and cloud monitoring. The vulnerability exists in monarch_scan.cgi, where user-controlled input is used in the Perl qx function, which allows any remote authenticated attacker, regardless of privileges, to inject system commands and gain arbitrary code execution. The module has been tested successfully on GroundWork 6.7.0-br287-gw1571 as distributed within the Ubuntu 10.04 based VM appliance.
This module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication.
Some Netgear routers are vulnerable to an authenticated OS command injection on their web interface. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. This module overwrites parts of the PPPoE configuration. Although the module tries to restore it after exploitation, a configuration backup is recommended.
VoipNow is a commercial web GUI VoIP server manager that is affected by a local file inclusion vulnerability. The vulnerability exists in the /usr/local/voipnow/admin/htdocs/help/index.php file. Line 832 checks if the 'screen' parameter is set and not empty, and line 872 requires the file specified in the 'screen' parameter. An attacker can exploit this vulnerability by sending a crafted request to the server, such as https://target/help/index.php?screen=../../../../../../../../etc/voipnow/voipnow.conf, to gain shell access to the server by infecting the logs, which are located at /usr/local/voipnow/admin/logs/access.log.
Flightgear allows remote control through the property tree. It is vulnerable to a remote format string vulnerability when some special parameters related to clouds are changed. To test this exploit, run Flightgear with remote input, for example: fgfs.exe --fg-root="C:\Program Files\FlightGear 2.4.0\data" --props=5501 --disable-real-weather-fetch or fgfs.exe --fg-root="C:\Program Files\FlightGear 2.4.0\data" --telnet=5501 --disable-real-weather-fetch
This exploit is used to inject malicious code into the Joomla component com_civicrm OpenFlashCart ofc_upload_image.php. The exploit is done by submitting a request to the URL with the malicious code in the POST fields. The malicious code is then executed and a shell is uploaded to the target server.
This module triggers the Windows socket error WSAEMSGSIZE (message too long) in the Mikrotik Syslog Server for Windows v 1.15 and crashes it. The long syslog message overwrites the allocated buffer space, causing the socket error.
In vulnerable versions of nginx, null bytes are allowed in URIs by default (their presence is indicated via a variable named zero_in_uri defined in ngx_http_request.h). Individual modules have the ability to opt out of handling URIs with null bytes. However, not all of them do; in particular, the FastCGI module does not.