Atlassian Confluence version 5.9.12 is vulnerable to persistent cross-site scripting (XSS) because it fails to securely validate user-controlled data, making it possible for an attacker to supply crafted input in order to harm users. The bug occurs on pages carrying attached files: even though the attached file name parameter is correctly sanitized upon submission, an attacker can later edit the attached file name property and supply crafted data (i.e. HTML tags and script code) without any security checks being applied, resulting in an exploitable persistent XSS.
Kaspersky Lab stores the private key for the local root in %ProgramData%. The filesystem ACLs should have allowed access, but the filter driver denies access from their PFLT_POST_OPERATION_CALLBACK after checking the Irpb. This is trivial to exploit: any unprivileged user can now become a CA.
This PoC exploit aims to execute a reverse shell on the target in the context of the web-server user via a vulnerable PHP email library.
The DPC3941T device is vulnerable to CSRF and has no protection on the entire admin panel. A simple HTML page with JavaScript, to which the attacker lures the victim, can be used to change state in the application.
SonicWALL SMA suffers from an XSS issue due to a failure to properly sanitize user-supplied input to several parameters. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. The WAF was bypassed via form-based CSRF.
Dell SonicWALL GMS suffers from multiple SQL Injection vulnerabilities. Input passed via the GET parameters 'searchBySonicwall', 'firstChangeOrderID', 'secondChangeOrderID' and 'coDomainID' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
WordPress Slider Templatic Tevolution <= 2.3.6 suffers from a file upload vulnerability. Tevolution is not available for sale; it comes bundled with certain premium themes from Templatic.
Proof of Concept: curl -k -X POST -F "file=@./ina.txt" http://VICTIM/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php
Uploaded file location: because this vulnerable plugin is bundled with some premium themes from Templatic, the location depends on the theme's name, e.g. http://VICTIM/wp-content/themes/Directory/images/tmp/ina.txt
Exploiting PHPMailer with a back connection (reverse shell) from the target.
Usage:
1 - Download the vulnerable Docker environment at: https://github.com/opsxcq/exploit-CVE-2016-10033
2 - Configure your IP for the reverse shell in the payload variable
3 - Open an nc listener in one terminal: $ nc -lnvp <your ip>
4 - Open another terminal and run the exploit: python3 anarcoder.py
Video PoC: https://www.youtube.com/watch?v=DXeZxKr-qsU
Full Advisory: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
Any remote user can access the victim server through a blind SQL injection in a component of aweb_cartwatching_system and aweb_cart_autosave. This is the code with the unsanitized parameters. The proof of concept is option=com_virtuemart&view=categorysearch' RLIKE (SELECT * FROM (SELECT(SLEEP(5)))sgjA) AND 'jHwz'='jHwz&task=smartSearch, which works and allows access to every database on the client system by launching other queries.
A vulnerability in SwiftMailer <= 5.4.5-DEV allows attackers to inject malicious parameters into the sendmail command, which can be used to write a malicious payload into a file. The payload is passed in the body of the message, and the resulting file will contain the payload. The /var/www/cache directory must be writable by the web user for the exploit to work.