OXID eShop is vulnerable to SQL injection via the 'sorting' parameter. By appending the 'sorting' parameter to the URL of an item detail page, an attacker can insert malicious PHP code into the database. This code can then be executed by accessing a specially crafted URL, which displays the PHPINFO page if exploitation succeeds.
A persistent cross-site scripting vulnerability exists in Kuicms Php EE 2.0. An attacker can send a malicious POST request with a crafted payload to the vulnerable application in order to execute arbitrary HTML or JavaScript code in the context of the vulnerable application.
This exploit is a DNS Response Amplification Attack which uses the scapy library to send a DNS request to a local DNS server. The request contains a DNS Resource Record (RR) of type TSIG which is used to authenticate the request. The response from the server is amplified and can be used to launch a denial of service attack.
This exploit is a native implementation without external requirements, written in Python 3. It works equally well on Windows and Linux (and probably macOS). It does a reliable check before exploitation (not based on version numbers) and performs normal RCE without privilege escalation (which is more trustworthy). It also asks before running root RCE (as this is more dangerous).
StreamRipper32 is a Windows application that allows users to record streaming audio from the Internet. A buffer overflow vulnerability exists in StreamRipper32 version 2.6 when a user adds a maliciously crafted string to the 'SongPattern' field in the 'Station/Song Section' of the application. This can be exploited to execute arbitrary code by a remote attacker.
Open-AudIT 3.3.0 is vulnerable to reflected cross-site scripting. An authenticated user can inject malicious JavaScript code into the search parameter of the application, which is then reflected back to the user and executed in the user's browser. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
This module exploits a ViewState .NET deserialization vulnerability in the web-based MS SQL Server management tool myLittleAdmin, for version 3.8 and likely older versions, due to hardcoded <machineKey> parameters in the web.config file for ASP.NET. The popular web hosting control panel Plesk offers myLittleAdmin as an optional component that is selected automatically during 'full' installation. This exploit caters to the Plesk target, though it should work fine against a standalone myLittleAdmin setup. Successful exploitation results in code execution as the user running myLittleAdmin, which is typically the SYSTEM user.
Any unauthenticated attacker is able to execute arbitrary OS commands on the server by registering on the register page, uploading a shell.php file containing PHP shell code, and then executing the OS command via the uploaded shell.
The POST parameters 'user_name', 'user_firstname' and 'user_lastname' are vulnerable to persistent cross-site scripting.

Payload: <script>alert(1)</script>

POST /phpmaster/admin/users.php?source=add_user HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/phpmaster/admin/users.php?source=add_user
Content-Type: multipart/form-data; boundary=---------------------------515906178311115682892435428
Content-Length: 417375
Connection: close
Cookie: PHPSESSID=8810e038f92cd7c711ee8b95db1dcacb
Upgrade-Insecure-Requests: 1
GoldWave 5.70 is vulnerable to a buffer overflow that is triggered when a user opens a specially crafted file with the application. This can be exploited to execute arbitrary code by corrupting the SEH chain and overwriting the return address with a pointer to the malicious code.