Explore all Exploits:

WordPress wp-gpx-map version 1.1.21 Arbitrary File Upload

An attacker can upload malicious files to the vulnerable WordPress wp-gpx-map version 1.1.21 by accessing the URL http://my-site.com/wp-content/plugins/wp-gpx-maps/wp-gpx-maps_admin_tracks.php?realGpxPath=.&target_path=.&gpxRegEx=// and changing the file path via the target_path parameter.

Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability

This module exploits a file upload vulnerability found in Symantec Web Gateway's HTTP service. Due to the incorrect use of file extensions in the upload_file() function, this allows us to abuse the spywall/blocked_file.php file in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution.

MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability

This module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This allows you to trick your victim into opening the malicious document, which will load either a Python or Ruby payload of your choosing, and then finally download and execute our executable.

Exploit FreePost 0.1 R1 SQL Injection

FreePost 0.1 R1 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information. The attacker can also inject malicious code into the database and execute it. The exploit involves sending a crafted SQL query to the vulnerable application. The query contains a UNION SELECT statement that allows the attacker to extract data from the database.

Microsoft IIS 6.0 with PHP installed Authentication Bypass

By sending a special request to the IIS 6.0 service running PHP, the attacker can successfully bypass access restrictions. An attacker can access PHP files in the password-protected directory and execute them without supplying proper credentials. Example request (path to the file): /admin::$INDEX_ALLOCATION/index.php. IIS/6.0 will gracefully load the PHP file inside the 'admin' directory if the ::$INDEX_ALLOCATION postfix is appended to the directory name. This can result in access to administrative files and, under special circumstances, remote execution of arbitrary code.

Webspell 4.2.x dailyinput Movie-Addon SQL Injection Vulnerability

dailyinput Movie-Addon is an add-on for the Webspell content management system. In this add-on we found a remote SQL injection vulnerability. The Movie file is vulnerable, and the bug is high risk. The vulnerability has not been fixed by the developer. Most Webspell web applications have a security system in the Webspell core itself. You must bypass the Webspell core security system (globalskiller).

Tom Sawyer Software GET Extension Factory Remote Code Execution

This module exploits a remote code execution vulnerability in the tsgetx71ex553.dll ActiveX control installed with Tom Sawyer GET Extension Factory due to an incorrect initialization under Internet Explorer. While the Tom Sawyer GET Extension Factory is installed with some versions of VMware Infrastructure Client, this module has been tested only with the versions installed with Embarcadero Technologies ER/Studio XE2 / Embarcadero Studio Portal 1.6. The ActiveX control tested is tsgetx71ex553.dll, version 5.5.3.238. This module achieves DEP and ASLR bypass using the well-known msvcr71.dll ROP chain. The DLL is installed by default with the Embarcadero software, and loaded by the targeted ActiveX.

Exploit phpAcounts v.0.5.3 SQL Injection

A vulnerability exists in phpAcounts v.0.5.3 which allows an attacker to bypass authentication and upload a malicious file. The letterhead image upload does not sanitize file extensions, allowing an attacker to upload a malicious file. The attacker can then access the shell by accessing the URL http://server/phpaccounts/users/1/<filename> and execute arbitrary commands.

Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow

This module exploits a vulnerability in the CNC_Ctrl.dll ActiveX installed with the Samsung NET-i viewer 1.37. Specifically, when supplying a long string for the fname parameter to the BackupToAvi method, an integer overflow occurs, which leads to a subsequent buffer overflow due to the use of memcpy with an incorrect size, resulting in remote code execution under the context of the user.

Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow

This module can be used to execute arbitrary code on IIS servers that expose the /msadc/msadcs.dll Microsoft Data Access Components (MDAC) Remote Data Service (RDS) DataFactory service. The service is exploitable even when RDS is configured to deny remote connections (handsafe.reg). The service is vulnerable to a heap overflow where the RDS DataStub 'Content-Type' string is overly long. Microsoft Data Access Components (MDAC) 2.1 through 2.6 are known to be vulnerable.

Recent Exploits: