Explore Vulnerabilities

Explore all Exploits:

HP iMC Plat 7.2 dbman Opcode 10008 Command Injection RCE

This exploit allows an attacker to inject arbitrary commands through dbman Opcode 10008 in HP iMC Plat 7.2, which can be used to execute arbitrary code on the vulnerable system. The exploit creates a file 'C:10008.txt' on the vulnerable system.

Buffer Overflow Vulnerability in Player.m3u File

A buffer overflow vulnerability exists in the Player.m3u file when a maliciously crafted file is opened. The vulnerability is caused by the lack of proper validation of the size of user-supplied data before copying it to a fixed-length buffer. An attacker can exploit this vulnerability by creating a specially crafted Player.m3u file and sending it to the victim. When the victim opens the file, the attacker can execute arbitrary code on the victim's system.

HP iMC Plat 7.2 dbman Opcode 10007 Command Injection RCE

A vulnerability in HPE Intelligent Management Center (iMC) PLAT prior to version 7.3 E0504 allows an authenticated remote attacker to execute arbitrary commands with root privileges. The vulnerability exists due to insufficient validation of user-supplied input in the dbman Opcode 10007. An attacker can exploit this vulnerability by sending a specially crafted packet to the dbman service on port 2810/TCP. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands with root privileges.

Stack Smash in QEMU NBD Server

The NBD spec says a client can request export names up to 4096 bytes in length, even though it should not expect success on names longer than 256. However, qemu hard-codes the limit of 256 and fails to filter out a client that probes for a longer name; the result is a stack smash that can potentially give an attacker arbitrary control over the qemu process. The smash can be easily demonstrated with a client command. If the qemu NBD server binary was compiled with -fstack-protector-strong, turning the stack smash into arbitrary execution is a lot more difficult, but still theoretically possible for a determined attacker.

Windows Warbird Privilege Escalation

This exploit is related to a vulnerability in the Windows Warbird driver. The vulnerability is caused by a lack of proper validation of user-supplied input, which can be exploited to execute arbitrary code with elevated privileges. The exploit involves sending a specially crafted DeviceIoControl request to the driver, which will then execute the supplied shellcode with elevated privileges.

osCommerce 2.3.4.1 Authenticated Arbitrary File Upload

By default, osCommerce does not allow users to upload arbitrary files from the Admin Panel. However, any user privileged enough to send newsletters can exploit an object injection in the osCommerce core to upload any file, allowing the user to gain shell access. The user does not need to be an administrator; any account with access to the newsletters will do.

Synology StorageManager <= 5.2 Remote Root Command Execution

User-controlled input is not sufficiently sanitized before being passed to the execve function. Successful exploitation of this vulnerability enables a remote unauthenticated user to run commands as root on the machine. The vulnerable parameter can be found in /webman/modules/StorageManager/smart.cgi with parameter action=apply&operation=quick&disk=%2Fdev%2Fsda. The proof of concept uses an IDOR to bypass authentication and ticks to chain commands.

Recent Exploits: