This module exploits an arbitrary file disclosure flaw in the WordPress blogging software plugin known as Google Document Embedder. The vulnerability allows for database credential disclosure via the /libs/pdf.php script. Google Document Embedder plugin versions 2.4.6 and below are vulnerable. This exploit only works when the MySQL server is exposed on an accessible IP and WordPress has filesystem write access.
This module exploits a stack buffer overflow in the IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, due to a dangerous copy of user-controlled data to the stack, via memcpy, without validating the supplied length and data. The module has been tested successfully on IBM Cognos Express 9.5 on Windows XP SP3.
Input passed via the 'ProjDesc' parameter to the 'broadWeb/include/gAddNew.asp' page (when tableName=pProject is set) is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
E SMS Script contains multiple SQL injection vulnerabilities. An attacker can bypass authentication by sending a specially crafted request to the adminlogin.php page. An attacker can also perform a blind SQL injection attack by sending a specially crafted request to the smscollection.php page.
Foxit Reader is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will likely crash the application.
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Nexpose Security Console 5.5.3 and below allow remote attackers to submit actions on a legitimate user's behalf. Because each URL is not properly checked for a CSRF token, an attacker can execute requests on behalf of a legitimate user. If an authenticated user is tricked into visiting a specially crafted page, it may be possible to perform user-initiated actions on the web application using the victim's established session. During the proof-of-concept, successful exploitation of this vulnerability resulted in the deletion of scan data and sites.
This exploit is a proof of concept for a denial of service vulnerability in FoxPlayer version 2.9.0. The exploit creates a malicious .m3u file containing 5000 'A' characters, which can be used to crash the application when opened.
pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. Version 2.0.1 of the distribution contains several vulnerabilities: XSS, and CSRF leading to RCE via a reverse root shell. A potential XSS, protected by CSRFMagic but accompanied by information disclosure, is present in the file /usr/local/www/progress.php at lines 21-30. A potential CSRF leading to RCE via a reverse root shell is present in the file /usr/local/www/diag_command.php at lines 28-30.
The vulnerable code lies in profilewfc.php, where the input is not sanitized. To exploit the persistent XSS, the user must go to their user CP and edit their profile, entering a malicious script into the 'Wii Friend Code' box. To exploit the SQL injection, the user must enter 'x', usergroup='4' into the 'Wii Friend Code' box. This allows the user to place themselves in whatever usergroup they choose.
This module exploits a stack buffer overflow in Enterasys NetSight. The vulnerability exists in the Syslog service (nssylogd.exe) when parsing a specially crafted PRIO field in a syslog message. The module has been tested successfully on Enterasys NetSight 4.0.1.34 on Windows XP SP3 and Windows 2003 SP2.