
Explore Vulnerabilities


Explore all Exploits:

Joomla! Component JomSocial – SQL Injection

Log in as a regular user and inject malicious SQL code in the URL parameters of the vulnerable Joomla! Component JomSocial, such as http://localhost/[PATH]/groups/?IhsanSencan=[SQL], http://localhost/[PATH]/videos/?IhsanSencan=[SQL], http://localhost/[PATH]/events/?IhsanSencan=[SQL].

Joomla! Component Spinner 360 v1.3.0 – SQL Injection

A SQL injection vulnerability exists in Joomla! Component Spinner 360 v1.3.0. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. The vulnerability is located in the 'Ihsan_Sencan' parameter of the '/spinner-360' page when processing a GET request method.

Joomla! Component My MSG v3.2.1 – SQL Injection

A SQL injection vulnerability exists in Joomla! Component My MSG v3.2.1. An attacker can exploit this vulnerability to inject malicious SQL queries into the application. This can be done by sending a specially crafted HTTP request to the vulnerable application. Successful exploitation of this vulnerability can allow an attacker to gain access to sensitive information stored in the database.

Joomla! Component Appointments for JomSocial v3.8.1 – SQL Injection

A SQL injection vulnerability exists in Joomla! Component Appointments for JomSocial v3.8.1, which allows an attacker to inject malicious SQL queries via the 'id' parameter in the 'viewappointment' and 'edit' scripts. An attacker can use this vulnerability to gain access to sensitive information from the database.

Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution

This module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command in the context of the web server user, which is root. In addition, a default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments of a predefined operating system command without proper sanitization. However, due to an improper blacklisting rule, it is possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 is affected by this issue. This module was tested against IMSVA 9.1-1600.

Joomla! Component Gnosis v1.1.2 – SQL Injection

A SQL injection vulnerability exists in Joomla! Component Gnosis v1.1.2. An attacker can send a malicious SQL query to the vulnerable application in order to gain access to unauthorized information. The vulnerable parameter is the 'id' parameter which can be found in the URL when viewing a tag. An attacker can inject malicious SQL code into the 'id' parameter in order to execute arbitrary SQL commands.

NetgearPwn_2.py

NetgearPwn_2.py is a Python script that provides access to the default user account. Privileges can be easily elevated by using a kernel exploit (e.g. memodipper was tested and it worked), by executing /bin/bd (a suid backdoor present on SOME but not all versions), or by manipulating the httpd config files to trick the root user into executing code.

Recent Exploits: