Alstrasoft ProTaxi Enterprise v3.5 contains an arbitrary file upload vulnerability. An attacker can register as a passenger member and upload a malicious file via the 'My Profile upload photo.php' page. The uploaded file is then accessible via the 'public/uploads/....php' path. If the attacker uploads a new file, the previous file is deleted.
Alstrasoft EPay Enterprise v5.17 Script is vulnerable to SQL injection. Attackers can exploit this vulnerability by sending specially crafted requests containing malicious SQL queries to the web application. The vulnerable parameters are 'id' in userinfo.htm, products.htm and subscriptions.htm. An authentication bypass vulnerability is also present in the login.htm page, where attackers can set the Username and Password to 'or''=' and hit enter.
This exploit is a PoC for CVE-2017-0358 from Google Project Zero. It affects Debian 9/8/7, Ubuntu, Gentoo, and other systems. It was tested on Debian 9 (Stretch). The exploit creates kernel hijack directories, forges symlinks, pulls in dependencies, and builds a kernel module. The kernel module contains code to exploit the vulnerability and copy a shell to the /tmp directory, then remove the kernel module.
Multiple SQL Injections have been identified in Itech Multi Vendor Script version 6.49. These injections can be exploited by sending malicious payloads to the vulnerable parameters in the application. The payloads can be used to extract sensitive information from the database or to execute malicious code on the server.
This exploit is used to extract the username and password for the weblogin from a vulnerable Netwave IP Camera. The exploit uses the 'wget' command to download the /proc/kcore, /etc/RT2870STA.dat, /dev/rom0 and /get_status.cgi files from the camera. The strings command is then used to extract the username and password from the downloaded files.
SlimarUSER is a PHP user management system full of features. The system allows website owners to manage their own users with complete login, registration and many other features. It can be used on its own, or integrated into any existing PHP powered website.
Sqlmap command: sqlmap.py -u "http://locahost/userman/inbox.php?p=view&id=7" --cookie="PHPSESSID=de3052c5dbb1d535d423ee1a2dbb076b; id=4; password=%242y%2410%24UuYt6q5GXU5UO37xc3j3GeN2ZM1hHB1sWqsAMs1DXAoeewSH.WYgq" --batch --random-agent --dbms=mysql
Vulnerable Url: http://locahost/userman/inbox.php?p=view&id=[payload]
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: p=view&id=7' AND 6275=6275 AND 'DFYF'='DFYF
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: p=view&id=7' AND SLEEP(5) AND 'HCUm'='HCUm
SQL Injection vulnerability exists in Itech Travel Portal Script v9.35. An attacker can inject malicious SQL queries via the 'id' parameter in 'pages.php', 'content.php', 'faq_show.php' and 'showCity.php' scripts.
As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP (Real-time Kernel Protection), running in EL2. During the initialization of RKP, a special command can be issued by the EL1 kernel in order to mark the RKP read-only page as such in the stage 2 translation table. This command, "rkp_set_init_page_ro" (command code 0x51) has the following approximate high-level logic: However, the function fails to validate the bounds of the given virtual address (or the resulting physical address). This means that an attacker can supply any arbitrary address and the function will accept it as valid input. Similarly, the implementation of "rkp_s2_page_change_permission" does not validate the bounds of the given physical address.
SQL Injection vulnerability exists in Itech Movie Portal Script v7.37. An attacker can inject malicious SQL queries via the 'fid', 'id', 'id' and 'id' parameters in 'faq_show.php', 'cms.php', 'show_news.php' and 'show_misc_video.php' scripts respectively.
A vulnerability exists in Itech Auction Script v6.49, which allows an attacker to inject arbitrary SQL commands via the 'pid' parameter in the 'list_photo.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.