This module exploits a remote buffer overflow in ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x6c (PROXY_CMD_GET_NEXT_STEP) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).
This module exploits a remote buffer overflow in ZENworks Configuration Management 10 SP2. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted packet with the opcode 0x21 (PROXY_CMD_FTP_FILE) to port 998/TCP. The module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and Windows Server 2003 SP2 (DEP bypass).
This module exploits the Task Scheduler 2.0 XML 0day exploited by Stuxnet. When processing task files, the Windows Task Scheduler only uses a CRC32 checksum to validate that the file has not been tampered with. Also, in a default configuration, normal users can read and write the task files that they have created. By modifying the task file and creating a CRC32 collision, an attacker can execute arbitrary commands with SYSTEM privileges.
This exploit allows an attacker to add an admin user to the Nwahy Articles V2.2 web application. The attacker can craft a malicious HTML page that contains a form with hidden fields that contain the username, password, email, site, name, and group type of the admin user. When the victim visits the malicious page, the form is automatically submitted and the admin user is added to the application.
The application is prone to a remote SQL injection vulnerability. An attacker can exploit this issue by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.
This exploit sends a POST request with a large amount of data to the server, causing it to crash.
A persistent web vulnerability is detected in the PBBoard v2.1.4 forum application. The bug allows remote attackers to implement/inject malicious script code on the application side (persistent). The persistent vulnerability is located in the add poll function when adding a thread. The malicious code can be injected in the `answer field`. The output listing page with the poll executes the malicious persistent script code (JS/HTML). Successful exploitation of the vulnerability can lead to stable (persistent) context manipulation. Exploitation requires low user interaction.
Multiple persistent input validation vulnerabilities are detected in the VamCart v0.9 Content Management System. The bugs allow remote attackers to implement/inject malicious script code on the application side (persistent). The persistent vulnerabilities are located in the manage accounts, manage coupons, view orders or order comments module(s) with the bound vulnerable parameters comment text, coupon code, title & name. Exploitation requires low user interaction and a privileged application user account. Successful exploitation of the vulnerability can lead to session hijacking (admin) or stable (persistent) context manipulation.
CakePHP is vulnerable to XML eXternal Entity injection. The class responsible for building XML (it uses PHP SimpleXML) allows local file inclusion.
A vulnerability exists in the Diary/Notebook Site5 WordPress Theme which allows an attacker to send spoofed emails. This vulnerability is due to the lack of proper validation of the sender's email address in the sendmail.php script. An attacker can exploit this vulnerability by sending a crafted POST request to the sendmail.php script with a spoofed email address as the sender. This can be used to send malicious emails to unsuspecting users.