The vulnerability allows an attacker to inject SQL commands through the vulnerable 'id' parameter of the 'index.php' file.
This exploit allows an attacker to execute arbitrary commands on a vulnerable Oracle WebLogic Server instance. The vulnerability exists due to the lack of proper input validation in the WebLogic Server's 'CoordinatorPortType' SOAP service. An attacker can exploit this vulnerability by sending a specially crafted SOAP request containing malicious Java code to the vulnerable service. This code will be executed on the server with the privileges of the WebLogic user.
A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response. To exploit this vulnerability, an attacker needs to deliver a maliciously crafted payload in the HTTP response header. A successful attack could result in code execution on the victim's computer.
Netcore/Netis routers have a wide-open backdoor that allows attackers to gain access to the device. The backdoor listens on UDP port 53413 and can be exploited by sending a specially crafted packet to the device. This vulnerability was discovered by Trend Micro and was assigned CVE-2015-2051.
This exploit allows an attacker to bypass authentication on FortiGate OS Version 4.x up to 5.0.7 by using a custom handler to generate a valid authentication token. The exploit uses a hardcoded key to generate the token, which is then used to authenticate the user.
Apache Struts2 S2-033 is a remote code execution vulnerability that allows an attacker to execute arbitrary code on the vulnerable server. The vulnerability is caused by the improper handling of the '#_memberAccess' parameter in the Struts2 framework. An attacker can exploit it by sending a specially crafted HTTP request with malicious code in the '#_memberAccess' parameter, which is then executed on the vulnerable server.
The vulnerability lies in the `gettextfile(remotefile, localfile = File.basename(remotefile))` method. When looking at the source code, you'll note that the `localfile` value will trigger command execution if the value is `| os command`. In general use, most users would likely provide their own `localfile` value and would not rely on the default of `File.basename(remotefile)`; however, in some situations, such as listing and downloading all files in an FTP share, the `remotefile` value would be controlled by the remote host and could thus be manipulated into causing RCE.
We have discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race condition in the implementation of the NtQueryVirtualMemory system call (information class 2, MemoryMappedFilenameInformation). The vulnerability affects Windows 7 to 10, 32-bit and 64-bit. An example of an output region is shown below, where we can observe a kernel-mode address (fffff8a0`01a78020) of the textual string that follows the UNICODE_STRING, at offset 0x8. This means that the entire original kernel-mode structure is copied to ring-3, and only later is the client's UNICODE_STRING.Buffer pointer fixed up to point into the userland string. This condition could be referred to as a "double write" (as opposed to a double fetch), where the kernel first copies some sensitive/confidential data into user mode, and then later overwrites it with a pointer to the same data.
Ability Mail Server 3.3.2 has persistent cross-site scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). To exploit the vulnerability, the victim must open an e-mail with malicious JavaScript inserted into the body of the message.
The customized webserver used by iChannel is based on an outdated and vulnerable version of WestWind Webserver. This page is available to an unauthenticated attacker. By visiting this link, the attacker can access the webserver configuration edit page. This page reveals sensitive information, allows alteration and upload/modification of the server's configuration, and can result in a Denial of Service by deleting the configuration.