This exploit allows an attacker to take over an administrator account in Joomla! versions 3.6.4 and below. The exploit works by sending two POST requests to the Joomla! registration form. The first request is sent with mismatched passwords, which is rejected by the server. The second request is sent with the same data, but with the passwords matching. This request is accepted by the server, and the attacker is able to take over the administrator account.
This exploit allows an attacker to create an admin account in Joomla! version 2.5.2 and below. The attacker can use a random username and email address, and a known password. The exploit works by sending two requests to the registration form, the first one with mismatched passwords and the second one with the correct password. This will create an admin account in the system.
This exploit abuses the ability to overwrite ld.so.preload in order to get root. It creates a shell and a shared library, then writes an /etc/ld.so.preload file pointing at that library and triggers its loading to obtain root.
This module exploits a stack buffer overflow in the GCore server (GCoreServer.exe). The vulnerable web server listens on ports 13003 and 13004, does not require authentication, and is affected in all versions from 2003 until July 2016 (Version 1.4.YYYYY).
Commit f86a374 in GNU Screen version 4.05.00 (10-Dec-16) allows an attacker to truncate any file or create a root-owned file with arbitrary contents in any directory, and can easily be escalated to full root access in several ways.
This module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.
A vulnerability exists in Microsoft Remote Desktop for Mac that allows a remote attacker to execute arbitrary code on the target machine. User interaction is needed to exploit this issue, but a single click on a link (sent via mail, iMessage, etc.) is sufficient to trigger the vulnerability. The vulnerability lies in the way the application handles rdp URLs. In the rdp URL scheme it is possible to specify a parameter that makes the user's home directory accessible to the server without any warning or confirmation request. If an attacker can trick a user into opening a malicious rdp URL, they can read and write any file within the victim's home directory.
It is possible to execute arbitrary commands through the login form because the `exec()` function is used without `escapeshellarg()`. It is also possible to bypass the login form because the function only checks whether `$_COOKIE['username']` and `$_COOKIE['isAdmin']` exist, not what they contain.
An attacker can cause a denial of service of an application that uses OpenJDK Runtime Environment 1.8 as its core runtime engine. The attacker crafts a malicious sequence of bytes that causes a JVM StackOverflowError in the standard Java deserialization process if the application uses the ObjectInputStream.readObject() method on that input.
Microsoft PowerPoint allows users to insert objects of arbitrary file types; at presentation time these objects can be activated by mouse movement or clicking. If the user has Java (or Python or a similar interpreter) installed, an attacker can insert a jar file or py file into the presentation and trigger it when the mouse moves. For easier exploitation the attacker can use a ppsx file, which opens automatically in presentation mode, so that once the user opens the file and moves the mouse the payload is triggered. To exploit this issue, an attacker creates a new PowerPoint presentation, inserts an object using 'create from file' and selects the jar payload; on the Insert tab, clicks Action and in both the 'mouse over' and 'mouse click' tabs chooses 'object action' and then 'activate'; scales the object to fill the whole slide so that the mouse will be over it when the user opens the file (and, just in case, so that a click will also open the jar file); and saves the file as a ppsx file.