Linksys WVBR0-25 is vulnerable to command injection due to improper input validation. An attacker can send a malicious HTTP request with a crafted User-Agent header to exploit this vulnerability. This can allow an attacker to execute arbitrary commands on the vulnerable system.
Unsafe usage of PHP’s unserialize() on user-supplied input allows an unauthenticated attacker to delete arbitrary files and, under certain circumstances, execute arbitrary code on a vBulletin installation.
vBulletin contains a vulnerability that can allow a remote attacker to include any file from the vBulletin server and execute arbitrary PHP code. An unauthenticated user is able to send a GET request to /index.php, which can then trigger the file inclusion vulnerability with the parameter routestring=.
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
This exploit uses the ld.so.preload technique to tamper with /etc/ld.so.preload and launch a root shell. It is a shared library and a running executable at the same time. It was tested with the latest commit 699ab75654ad5ab7b48b067a2679c544cc8725f6.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept: http://localhost/[PATH]/index.php/component/myproject/VerAyari[SQL] 'and%20(select%201%20from%20(select%20count(*)%2cconcat((select(select%20concat(cast(database()%20as%20char)%2c0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200%2c1)%2cfloor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)%20AND%20''='
The vulnerability allows an attacker to inject SQL commands. Proof of Concept: http://localhost/[PATH]/index.php?option=com_userbench&view=detail&userid=[SQL] %20AND(SELECT%201%20FROM%20(SELECT%20COUNT(*)%2cCONCAT((SELECT(SELECT%20CONCAT(CAST(DATABASE()%20AS%20CHAR)%2c0x7e%2c0x496873616e53656e63616e))%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema=DATABASE()%20LIMIT%200%2c1)%2cFLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.TABLES%20GROUP%20BY%20x)a)
This module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker to upload a PHP shell onto the device and obtain arbitrary code execution as root.
The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates an overly long user input to a stack variable without checking whether the destination buffer is long enough to hold the data. The binary also has important security features, such as stack canaries, turned off. The client registers a scheme handler (zoommtg://), which makes it possible to trigger the vulnerability remotely.
The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://), which makes it possible to trigger the vulnerability remotely.