The POST parameter 'search[order_column][0]' does not sanitize user input when searching through the order lists. An attacker can use ZAP/Burp to capture the web request when searching through existing order lists and save it to request.txt. Then, they can use sqlmap -r request.txt --dbms=mysql -p search[order_column][0] to exploit the vulnerability.
The application's folders have insecure permissions that give an unprivileged user complete control over them. An attacker can exploit this by replacing files invoked by the affected services or startup registry keys; the replaced files are then executed with SYSTEM privileges.
Authenticated Cross-Site Scripting (XSS) vulnerability in SmartFoxServer 2X 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the AdminTool console. The vulnerability exists due to insufficient sanitization of user-supplied input passed to the AdminTool console. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary HTML code in a user's browser session in the context of an affected site.
SeoPanel 4.6.0 is vulnerable to Remote Code Execution via authenticated file upload. An attacker can exploit this vulnerability by logging in with valid credentials, uploading a malicious file, and executing it.
PhreeBooks ERP 5.2.3 is vulnerable to remote code execution due to authenticated unrestricted file upload in the 'Image Manager' section of the application.
This exploit is a proof-of-concept for the Sudo 1.9.5p1 vulnerability, a heap-based buffer overflow leading to privilege escalation. It was discovered by Baron Samedit of Qualys, exploited by cts with help from r4j, and debugged by nu11secur1ty. The exploit was tested on Ubuntu 18.04, 20.04 and 20.04.01. The exploit code is written in C and is designed to overwrite the target file with the contents of the source file. It requires the user to adjust the RACE_SLEEP_TIME variable to the value that works best on the system.
Sudo versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1 are vulnerable to a heap-based buffer overflow. An attacker can exploit this vulnerability to gain root privileges. The exploit code is written in Python3 and requires the attacker to have a valid user account on the target system. It creates a malicious environment variable and executes the sudo command with that environment variable set, which triggers the heap-based buffer overflow and allows the attacker to gain root privileges.
Pixelimity 1.0 has cross-site request forgery via the data[Password] parameter of admin/setting.php. The attacker can craft a malicious HTML page with a form that submits a request to the vulnerable application. The form contains hidden fields set to the values the attacker wants to submit to the application.
A buffer overflow vulnerability in the dtprintinfo(1) CDE Print Viewer leads to local root privilege escalation.
The exploit is now fairly lean, but its development took some time. It relies on the %hhn format string for a single-byte write and on a suitable memory location to patch in the .got.plt section of the vulnerable binary.