This exploit is based on an earlier exploit by Blake and Dhruval. It was written by Securityxxxpert as an improvement on the original and, unlike the original, leaves plenty of room for shellcode.
The form does not properly sanitize its input fields, allowing XSS. Example: <script>alert('xss')</script>. If the JavaScript is placed in the name field, it fires when the admin views the lead management page; otherwise it can be placed in the 'requirements' field, where it fires when an admin 'picks' the lead.
Tickets CAD 2.20G is affected by multiple vulnerabilities, including reflected/stored XSS, information disclosure and CSRF. While logged in, even with the default guest/guest credentials, the guest user is able to store and execute arbitrary JavaScript code within the application. Information disclosure also exists, because the application does not properly check which user is currently logged in. Finally, CSRF is also possible within the Tickets CAD application, which allows an attacker to add an admin account.
This exploit is a Remote Blind SQL Injection exploit for the Islamnt software. It is based on a vulnerability in the class/class.template.php file, where the $style_default variable is not properly sanitized. This allows an attacker to inject malicious SQL code into the query, which can be used to extract sensitive information from the database.
The SCTP implementation used by FreeBSD (the "reference implementation") is vulnerable to a remote NULL pointer dereference in the kernel due to a logic bug. When parsing ASCONF chunks, an attempt is made to find an association by address. If the address found is INADDR_ANY, sctp_findassoc_by_vtag() is called and an attempt is made to find an association by vtag. Before searching for the vtag in a hash table, a pointer is set to NULL, with the intention of reassigning it once the association is found. However, if the specified vtag is not found, the function returns and the pointer is never reinitialised, causing a kernel panic when the NULL pointer is later dereferenced by the SCTP_INP_DECR_REF macro once control returns to sctp_process_control().
This module exploits a command execution vulnerability in Zenoss 3.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'zenoss' user. The show_daemon_xml_configs() function in the 'ZenossInfo.py' script calls Popen() with user controlled data from the 'daemon' parameter.
This module exploits a vulnerability found in Dell SonicWall Scrutinizer. While handling the 'q' parameter, the PHP application does not properly filter the user-supplied data, which can be manipulated to inject SQL commands, and then gain remote code execution. Please note that authentication is NOT needed to exploit this vulnerability.
This module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as installed with the web interface of the Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure use of sprintf in the SetSource method when handling a specially crafted sURL argument, triggers a stack-based buffer overflow that leads to code execution in the context of the user visiting a malicious web page.
A vulnerability in Am4ss version 1.2 and below allows an attacker to inject malicious PHP code into the application. The vulnerability is due to insufficient input validation when handling user-supplied data, and the injected PHP code can be used to gain access to the system.
XSS Stored [1]: An attacker can register and login to the application, create a ticket and add malicious HTML or JavaScript code. The malicious code will be stored in the application and can be accessed by visiting the tickets page. XSS Stored [2]: An attacker can register and login to the application, create a ticket and change the data using Tamper Data. The malicious code will be stored in the application and can be accessed by visiting the tickets page. XSS Reflected [1]: An attacker can send a malicious request to the application which will reflect the malicious code on the response page.