The application suffers from an unquoted search path issue impacting the services 'AppSpider REST Server', 'AppSpider REST Service' and 'AppSpiderUpgradeService' for Windows, deployed as part of the AppSpider solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.
This exploit allows an attacker to execute arbitrary code on a vulnerable Drupal installation. The vulnerability exists in the Coder module, which is used to review and audit code. The vulnerability is due to the lack of input validation when handling certain parameters. An attacker can craft a malicious payload and send it to the vulnerable server, which will then execute the code.
This exploit uses a stack pivot to achieve arbitrary code execution in PHP 7.0.33. It is possible to pivot the stack to an arbitrary address by using the libphp7 library. The exploit uses the libphp7 library to find the address of the buffer string, and then uses the libc library to find the addresses of the mprotect and mmap functions. It then uses mprotect and mmap to map the buffer string to an executable memory page, and then uses the buffer string to execute arbitrary code.
This exploit is a privilege escalation vulnerability in the atrun program. It allows an attacker to overwrite the atrun program with a malicious script, which can be used to gain root privileges. The exploit works by overwriting the atrun program with a malicious script that copies a setuid shell to a temporary location and sets the setuid bit on the shell. The attacker can then execute the shell to gain root privileges.
Using the 'downloadFile.php' file from the 'sources' directory, we can download any file. The $_GET['sub'] and $_GET['file'] parameters are vulnerable in the readfile function.
It was discovered that WordPress Video Player is affected by multiple blind SQL injection vulnerabilities. Using these issues, it is possible for a logged-on Contributor (or higher) to extract arbitrary data (e.g., the Administrator's password hash) from the WordPress database.
This exploit is used to enumerate user names against SSH daemons affected by CVE-2016-6210. It uses the paramiko library to send a large number of bytes to the SSH daemon as a password and collects samples to calculate a timing baseline for authenticating non-existing users. If the authentication time for a user is 3 times the baseline, the user is assumed to exist.
Wowza Streaming Engine suffers from multiple reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
The application suffers from a privilege escalation issue. A normal (read-only) user can elevate his/her privileges by sending a POST request setting the parameter 'accessLevel' to 'admin', gaining admin rights, and/or setting the parameter 'advUser' to 'true' and '_advUser' to 'on', gaining advanced admin rights.