Misfortune Cookie is a critical vulnerability that allows an intruder to remotely take over an Internet router and use it to attack home and business networks. With a few magic cookies added to your request, an intruder can bypass any authentication and browse the configuration interface as admin, from any open port.
It was discovered that EMC M&R (Watch4net) does not protect against Cross-Site Request Forgery (CSRF) attacks. A successful CSRF attack can compromise end user data and may allow an attacker to perform an account hijack. If the targeted end user is the administrator account, this results in a full compromise of Watch4net.
This bug was found using the portal while authenticated as administrator. To exploit the vulnerability, it is only necessary to use version 1.0 of the HTTP protocol when interacting with the application. It is possible to inject SQL code via the variable 'quicksearch_mod_profile_Field' on the page '/modules/profile/admin/field.php'.
A signedness vulnerability (CVE-2016-3074) exists in libgd 2.1.1 which may result in a heap overflow when processing compressed gd2 data. The 4 bytes representing the chunk index size are stored in a signed integer, chunkIdx[i].size, by `gdGetInt()' during the parsing of GD2 headers. A size of <= 0 results in `compMax' retaining its initial value during the loop, followed by it being incremented to 1. Since `compMax' is used as the nmemb for `gdCalloc()', a heap overflow will occur.
This module exploits an arbitrary file upload vulnerability found in Advantech WebAccess 8.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebAccess Dashboard Viewer. Insufficient validation within the uploadImageCommon function in the UploadAjaxAction script allows unauthenticated callers to upload arbitrary code (instead of an image) to the server, which will then be executed under the high-privilege context of the IIS AppPool.
Yasr is a general-purpose console screen reader for GNU/Linux and other Unix-like operating systems. This exploit is for educational purposes only. It uses a buffer overflow vulnerability to execute a shellcode. The exploit consists of 298 bytes of junk, a shellcode of 28 bytes, 12 NOPs and an EIP of 4 bytes.
This exploit is a proof of concept for a crash vulnerability in RATS version 2.3. The exploit is triggered by running the command 'rats --AAAA' which causes the application to crash. The exploit was written by David Silveiro and tested on Ubuntu 14.04 LTS.
The application suffers from multiple stored XSS vulnerabilities. Input passed to several POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
This module exploits a buffer overflow in the RENAME command of PCMAN FTP Server 2.0.7. This requires authentication but anonymous credentials are enabled by default.
The application installs with LOCAL SYSTEM service credentials in the directory %SystemRoot%/css50/csdir. The executables that are installed allow, by default, AUTHENTICATED USERS to modify, replace or alter the files. This would allow an attacker to inject their code or replace the executable and have it run in the context of the system, giving the process LOCAL SYSTEM access and allowing complete compromise of the machine on which it was installed.