nconf can modify the config file of nagios and save it to the server, but haven't check the file's direction and name, so we can read and write any files in the server under the privileges of apache. An attacker can send a POST request with the directory and filename to read the file or directory, or change the directory or filename. If the filename is null, the attacker can get a list of the directory. An attacker can also send a POST request with the directory, filename, action, and content to write the content into the file. If the magic_quote is on, the attacker must pay attention to the ' and ".
This module uses the Jenkins Groovy script console to execute OS commands using Java.
Two files, detail.php and detail_admin_items.php, are vulnerable to blind SQL injection. An attacker can use SQLMap to exploit the vulnerability by providing the URL and the parameter to inject. The back-end DBMS is MySQL 5.0.11 and the web application technology is PHP 5.3.3 and Apache 2.2.15.
The Aloaha Credential Provider Service is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full) for the 'Everyone' group, for the 'AloahaCredentialProviderService.exe' binary file. The service was shipped with Aloaha PDF Saver and possibly every SmartCard Software package from Aloaha. The files are installed in the 'Wrocklage' directory which has the Everyone group assigned to it with full permissions making every single file inside vulnerable to change by any user on the affected machine. After you replace the binary with your rootkit, on reboot you get SYSTEM privileges.
The attacker can access to the database & get username & password ....... & disclosure the Full Path. The exploit involves accessing the index.php and installer.php files and injecting malicious code into the config.php file.
This exploit allows an attacker to upload a shell to a vulnerable Joomla website using the com_collector component. The attacker can use the Google dork [inurl:index.php?option=com_collector] to find vulnerable websites. The attacker can then add the part 'index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1' to the vulnerable website URL and upload a shell as 'shell.php'.
This exploit allows an attacker to gain remote root/SYSTEM access to a vulnerable SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x system. The exploit works by uploading a malicious JSP shell to the vulnerable system and then executing it. The attacker can then use the shell to execute arbitrary commands on the system.
A code execution vulnerability exists in php-chart_v1.0 due to improper input validation. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.
Invision Gallery version 2.0.5 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'img' parameter in the 'site/index.php?automodule=gallery&cmd=si&img=[SQL]' or 'site/act=module&module=gallery&cmd=si&img=[SQL]' URL. This can be exploited to bypass authentication, access, modify or delete data from the database.
This module abuses a command injection vulnerability in the Nagios3 history.cgi script.
Services By CQR