This exploit allows an attacker to bypass the disable_functions directive in PHP by using the Imagick extension. The exploit creates a malicious Imagick script which contains a command that is executed when the script is processed. The output of the command is then written to a file which is then read and displayed by the exploit.
A non-persistent XSS in a GET parameter is available in ipinfo.cgi. The injection can be URL-encoded by certain browsers or blocked by an anti-XSS engine. This XSS works on IE and affects IPFire versions < 2.19 Core Update 101.
This exploit is a stack buffer overflow vulnerability in the Threaded USENET news reader version 3.6-23. It allows an attacker to execute arbitrary code by overflowing a buffer and overwriting the return address. The exploit uses a NOP sled, shellcode, and an EIP address to achieve this.
Multiple vulnerabilities in the HSPA 3G10WVE wireless router enable an anonymous, unauthorized attacker to 1) bypass authentication and gain unauthorized access to the router's network troubleshooting page (ping.cgi) and 2) exploit a command injection vulnerability in ping.cgi, which could result in a complete system/network compromise.
A remote unauthenticated attacker can insert malicious content into a CMS Made Simple installation by modifying the Host HTTP header in a request, which poisons the web server cache when Smarty Cache is activated. The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g. if several domains are served by the same web server). This can lead to phishing attacks through modification of the site's links, to defacement, or to Cross-Site Scripting attacks due to a lack of filtering of HTML entities in the $_SERVER variable.
To gain entry, simply request the following URL: http://server/admin/adminhome.php?tmp=1. For each page, it is enough to append the same parameter to the end of the URL. For example, to see the members page: http://server/admin/members.php?tmp=1, to add a new news item: http://server/admin/hot_news_menu.php?tmp=1, or to edit news: http://server/admin/edit_hot_news.php?hotnewsid=44&tmp=1
This vulnerability allows an attacker to gain root privileges on a device running Qualcomm's Secure Execution Environment (QSEE). This is achieved by using the PRDiag* commands, which are accessible to any application running in the QSEE environment.
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained expressions).
The first flaw is in the way Acunetix renders some HTML elements inside its GUI: it uses jscript.dll without any concern for unsafe ActiveX objects such as WScript.shell. If Acunetix triggers a vulnerability during a scan session, it saves a local HTML file with the content of the HTML page, so it is possible to trigger a fake vulnerability and insert JavaScript that triggers remote command execution. The second flaw concerns the Acunetix scheduler, which allows websites to be scanned programmatically without any user interaction; scans can be scheduled via the web interface on 127.0.0.1:8183. With these two flaws in mind, it is possible to obtain RCE via a meterpreter shell. However, there are some requirements: 1) the target must have the VBS script interpreter installed, 2) the target must have Acunetix WVS 10 installed, and 3) the target must have the Acunetix Scheduler enabled.
Any visitor can download the Ghost Export file because of a failure to check if an admin user is properly authenticated. Assume all versions < 0.5.6 are vulnerable.