TeamSpeak 3 versions <= 3.0.0-beta23 are vulnerable to remote code execution due to lack of authentication for admin commands. An attacker can send a malicious packet to the server via UDP port 9987 and execute arbitrary commands as the superadmin user.
Several Denial of Service vulnerabilities exist in SFTP module of Sysax Multi Server. The unsafe commands include "open","unlink", "mkdir" and etc. .which can not handle overlength strings properly. If you could log on the server successfully, take the following steps and the Sysax Multi server will crash which would lead to Denial of Service attack: #initialize $FUZZ = "A" x 1000; 1. $ssh2 = Net::SSH2->new(); 2. $ssh2->connect($server, $port); 3. $ssh2->auth_password($user, $pass); #there are several ways to compromise the server, I list them here as 4.1, 4.2, and etc. ... 4.1 $scpget = $ssh2->scp_get($FUZZ); 4.2 $sftp = $ssh2->sftp(); $o1 = $sftp->open($FUZZ); 4.3 $sftp = $ssh2->sftp(); $u = $sftp->unlink(FUZZ); 4.4 $sftp = $ssh2->sftp(); $m = $sftp->mkdir($FUZZ); 5 $ssh2->disconnect();
altbta discovered two vulnerabilities in myUPB version 2.2.6. The first vulnerability is a backup exploit which allows an attacker to download the backup files of the application. The second vulnerability is a Local File Inclusion (LFI) vulnerability which allows an attacker to read arbitrary files from the server.
A remote file inclusion (RFI) vulnerability exists in Joomla com_jomestate component. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable server. The malicious URL contains a malicious script hosted on a remote server. When the vulnerable server receives the malicious URL, it will execute the malicious script on the vulnerable server.
A persistent XSS vulnerability exists in Joomla com_community component. An attacker can exploit this vulnerability by registering as a user and setting their status to a malicious payload. This payload will be executed in the browser of any user who views the profile page of the attacker.
Gcms generator is a mini-site version CMS (content management). With this tool, an attacker can inject malicious code into the 'lang' parameter of the URL, which can be used to execute arbitrary SQL commands.
A SQL injection vulnerability exists in Saffa Tunes CMS, which allows an attacker to execute arbitrary SQL commands via the 'id' and 'year' parameters in the 'news.php' script.
Advanced access control will let a user decide who will be able to read and comment his joomla portfolio. There are many configuration features like the ability to upload files to portfolio, calendar and events by users and others. Attackers can upload their shells in the options Achievements • Plans • Events • Pages. After uploading the shell, attackers can check their shell and root the server.
Shareasale Script is a PHP and MYSQL based script that can be used to import and display product data feeds from Shareasale.com. The script comes complete with a default template, a complete backend administration functionality, and much more. An attacker can exploit a SQL injection vulnerability in the merchant_product_list.php script to execute arbitrary SQL commands on the underlying database.
OroHYIP will help anyone manage their employees or any other expenses a company may have. A SQL injection vulnerability exists in the withdraw_money.php script, which allows an attacker to execute arbitrary SQL commands on the underlying database.
Services By CQR