Explore Vulnerabilities

Explore all Exploits:

PHP RapidKill Pro 5.x Shell Upload Vulnerability

A vulnerability exists in PHP RapidKill Pro 5.x which allows an attacker to upload a malicious shell file (r57 or DigitALL Shell) to the vulnerable server. The attacker can then access the shell by clicking on the 'FİLES' option and renaming the file to xx.php. After clicking the 'Go To Shell' option, the attacker can gain access to the vulnerable server.

Joomla Component com_pandafminigames SQL Injection Vulnerabilities

Multiple SQL Injection vulnerabilities exist in the Joomla Component com_pandafminigames. An attacker can exploit these vulnerabilities to gain access to sensitive information from the database, such as usernames and passwords. Example URLs include index.php?option=com_pandafminigames&Itemid=&task=myscores&userid=XX+AND+1=2+UNION+SELECT+concat(database()),2,concat(database()),4,5,6,7,8,9,10,11,12-- and index.php?option=com_pandafminigames&Itemid=XX&gameid=X+AND+1=2+UNION+SELECT+concat(database()),concat(database()),concat(database()),concat(database()),concat(database()),concat(database()),7,8--.

Joomla Component com_joltcard SQL Injection Vulnerability

The vulnerability exists in the com_joltcard component of Joomla. The vulnerable parameter is cardID. An example URI is index.php?option=com_joltcard&Itemid=XX&task=view&cardID=X+AND+1=2+UNION+SELECT+concat(database())--. The selected information is displayed only within the HTML source code (look at the <OBJECT> tag).

WebAdmin Shell Upload Vulnerability

This vulnerability allows an attacker to upload a malicious shell to a vulnerable web server. The attacker can then use the shell to gain access to the server and execute arbitrary code. The vulnerability is caused by a lack of proper input validation in the webadmin.php script, which allows an attacker to upload a malicious file to the server.

60 cycleCMS V 2.5.2 CSRF Change Username & Password Exploit

This exploit allows an attacker to change the username and password of a 60 cycleCMS V 2.5.2 system by using a CSRF attack. The attacker can craft a malicious HTML page that contains a form with the desired username and password fields. When the victim visits the malicious page, the form will be automatically submitted and the username and password will be changed.

Unauthenticated File-system Access in iomega Home Media Network Hard Drive

iomega chose to use smbwebclient to allow users of its product to access files shared by the device via their web browser. However, smbwebclient is in an unprotected directory, allowing access without authentication. smbwebclient grants the user full browser-based read/write access to any visible shares on the device itself or on the rest of the device's local network (assuming the shares' permissions grant said access).

Apache OFBiz FULLADMIN Creator PoC Payload

This exploit allows an attacker to bypass authentication and create a user with full administrative privileges in Apache OFBiz. The exploit works by sending a POST request to the /webtools/control/scheduleService endpoint with the externalLoginKey parameter set to the value of the externalLoginKey cookie. The request also includes the username and password of the user to be created, as well as the roleTypeId parameter set to FULLADMIN.

Recent Exploits: