This module exploits an authentication bypass vulnerability in Meteocontrol WEBLog (all models). The vulnerability allows extracting the Administrator password for the device management portal.
A POST request to the /admin/default/pack_custom/[applicationname] URI with the file parameter set to /etc/passwd can be used to exploit the vulnerability. Authentication is required as an administrator. The application will prompt the user to download a file with a w2p extension. This file can be unpacked using the web2py-unpacker tool to gain access to the etc folder and the passwd file.
The game executable is prone to an unquoted path vulnerability. When you go to the in-game store, it fails to quote the following command, which is used multiple times: C:/Program Files (x86)/Steam/steamapps/common/HEX SHARDS OF FATE/Hex_Data/StreamingAssets/uWebKit/Windows/x86/UWKProcess.exe -parentpid 5808 -processdb QzovVXNlcnMvVXRpbGlzYXRldXIvQXBwRGF0YS9Mb2NhbExvdy9IRVggRW50ZXJ0YWlubWVudC9IZXgvdVdlYktpdFByb2Nlc3MuZGI=. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
Microsoft Office is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application.
The eXtplorer unzip/extract feature allows path traversal: decompressed files can be placed outside of the intended target directory if the archive content contains "../" characters. This can result in files like ".htaccess" being overwritten, or in RCE / back door exploits.
Multiple Nexon games, including but not limited to Dirty Bomb and Counter-Strike Nexon: Zombies, are prone to an unquoted path vulnerability. They fail to correctly quote the command that calls BlackXcht.aes, which is part of the anti-cheat system (Nexon Game Security). This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.
The CakePHP Framework contains a vulnerability that allows spoofing of the source IP address. This can allow bypassing access control lists, or injecting malicious data which, if treated as sanitized by an unaware CakePHP-based application, can lead to other vulnerabilities such as SQL injection, XSS, command injection, etc.
The argv[1] parameter is passed unsanitized to a sprintf function which sends the formatted output to the cmd variable, which is later passed as a parameter to a run_cmd function on line 14.
NRSS is a console-based RSS reader allowing users to read and manage RSS feeds. A stack-based buffer overflow vulnerability exists in NRSS Reader v0.3.9-1, which allows an attacker to execute arbitrary code by sending a specially crafted input. The vulnerability is due to a lack of proper boundary checks when handling user-supplied data. An attacker can exploit this vulnerability by sending a specially crafted input to the vulnerable application, which can result in arbitrary code execution.
Huge-IT Image Gallery is the best plugin to use if you want to be original with your website. Full Path Disclosure can be exploited by sending a request to http://[target]/wp-content/plugins/gallery-images/gallery-images.php. SQL Injection can be exploited by sending a payload of '123.123.123.123' AND (SELECT * FROM (SELECT(SLEEP(5)))suRI) AND 'uDsL'='uDsL' in the headers X-Forwarded-For and Client-Ip. The 'galleryid' must be configured, or try another id, and the 'task' parameter can be: load_images_content, load_images_lightbox, load_image_justified, load_image_thumbnail, load_blog_view. Client-Ip overwrites X-Forwarded-For, and some systems drop those headers.