
Explore Vulnerabilities


Explore all Exploits:

Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution

This module exploits an unauthenticated code injection vulnerability in the bassmaster Node.js plugin for hapi. The vulnerability is in the batch endpoint and allows an attacker to execute arbitrary JavaScript on the server side, because user-supplied input is passed to eval().

SunellSecurity NVR / Cams – Buffer overflow in CGI

A bug in the device's CGI scripts leads to a buffer overflow in the web service, which stops the web service and causes the device to reboot. The overflow is triggered by sending a request to http://IP/cgi-bin/videoStream.cgi?userName= or http://IP/cgi-bin/image.cgi?userName= with a payload of 1072 'A' characters. Affected versions are 1.6.0902.0000.3.0.29.0.0, 1.6.0802.0000.0.0.2906.1.0, 2.0.0601.1002.3.0.56.0.1_TD, 2.0.0801.1002.1.1.125.0.0, and 2.0.0601.1002.3.0.33.0.12.

Citrix Receiver/Receiver Desktop Lock 4.5 Incorrect Access Control

Allows an attacker with physical access to a VDI to bypass the authentication requirement. Citrix Receiver and/or Desktop Lock for Mac OS X and Windows suffer from a local incorrect access control issue. To exploit this:
1. An attacker first identifies a VDI with a logged-in user whose session has been locked.
2. The attacker then temporarily disconnects the system from the network (removing and reinserting the LAN cable is enough).
3. Citrix Receiver then unlocks the session and gives the attacker full access to the connected user's account without confirming the user's identity.

Microsoft Internet Explorer 9 Memory Corruption Vulnerability

A specially crafted webpage can cause Microsoft Internet Explorer 9 to reallocate a memory buffer in order to grow it. The original buffer is copied to the newly allocated memory and then freed, but the code continues to use the freed copy of the buffer (a use-after-free). An attacker would need to get a target user to open the specially crafted webpage. Disabling JavaScript should prevent an attacker from triggering the vulnerable code path. If an attacker were able to cause MSIE to allocate 0x40 bytes of memory and control some of its contents before MSIE reuses the freed memory, this issue could potentially be used to execute arbitrary code.

PHP Object Injection

A PHP object injection vulnerability exists in multiple widget files due to the unsafe use of the unserialize() function. The affected files include flow_chart.php, gauge.php, honeypot.php, image.php, inventory.php, otx.php, rss.php, security.php, siem.php, taxonomy.php, tickets.php, and url.php. An authenticated attacker could send a serialized PHP object to one of the vulnerable pages and potentially gain code execution via magic methods in included classes.

FreefloatFTPserver1.0_dir_command_remotecode_exploit

This exploit targets Freefloat FTP Server 1.0, which is vulnerable to remote code execution via a stack buffer overflow. The exploit is triggered by sending a specially crafted 'dir' command to the FTP server consisting of 247 'A' characters followed by a return address and shellcode. The saved return address is overwritten with the address of the shellcode, which is then executed.

Stored XSS

A stored XSS vulnerability exists in the handling of the User-Agent header during the login process. It is possible to inject a script into that header that is then executed when mousing over the User-Agent field in Settings -> Current Sessions. The PoC uses jQuery to send all session IDs shown on the "Current Sessions" page to an arbitrary site (Google, in this case).

MySQL / MariaDB / PerconaDB – Root Privilege Escalation PoC Exploit

This PoC exploit allows attackers to (instantly) escalate their privileges from the mysql system account to root through unsafe error log handling. The exploit requires that file-based logging has been configured (the default). To confirm that syslog logging has not been enabled instead, run "grep -r syslog /etc/mysql", which should return no results.

MySQL/PerconaDB/MariaDB – Privilege Escalation / Race Condition PoC Exploit

This is a PoC exploit for CVE-2016-6663 and CVE-2016-5616, a privilege escalation vulnerability in MySQL/PerconaDB/MariaDB. It was discovered and coded by Dawid Golunski and is meant for testing purposes only.
