This exploit is used to include a remote file in the web application. It uses the Horde library to log into the web application and upload a .inc file with the given PHP code. The uploaded file is then included in the web application using the include_remote_inc_file() method of the Horde library.
An authenticated remote code execution vulnerability exists in rConfig 3.93 and below. An attacker can exploit this vulnerability by sending a malicious payload to the ajaxAddTemplate.php file. This will allow the attacker to execute arbitrary code on the vulnerable system.
A vulnerability exists in the WordPress plugin Appointment Booking Calendar 1.3.34 which allows an attacker to inject malicious code into the calendar name field and export a CSV file containing a malicious hyperlink. When the user clicks on the hyperlink, they are redirected to a fake login page.
By accessing the AD Helper's web interface, it was discovered that a call to an API endpoint is made, which responds with plaintext credentials to all configured domain controllers. There is no authentication required to access this endpoint.
The vulnerability exists due to insufficient filtration of user-supplied input passed via the 'feedid' parameter to the '/index.php' script. A remote attacker can execute arbitrary SQL commands in the application's database, cause denial of service, access or modify sensitive data, exploit various vulnerabilities in the underlying SQL server software, etc.
TeamCity Agents configured to use bidirectional communication allow the execution of commands sent to them via an XML-RPC endpoint. This script requires the following Python modules to be installed: pip install requests.
This module exploits an authentication bypass in CTROMS, triggered by password reset verification code disclosure. In order to exploit this vulnerability, the username must be known. Exploiting this vulnerability creates a new password for the user you specified and presents it to you. The "verification code" and "cookie generate" functions required to reset the password contain the vulnerability. When the "userId" parameter is posted to "getverificationcode.jsp", a verification code is transmitted to the account's phone number for password reset. However, this verification code, which is written to the database, is also reflected in the response to the request. The first vector would be to use this verification code. The second vector is the "rand" cookie values returned in this request. These values are MD5 hashes. If these values are assigned in the response, the password reset can be done via these cookie values.
An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal (....) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date.
This module exploits a vulnerability in Nagios XI before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.6.5 running on CentOS 7. The module may behave differently against older versions of Nagios XI.
Persian VIP Download Script 1.0 is vulnerable to SQL Injection. The vulnerability exists in the 'active' parameter of the 'cart_edit.php' page. An attacker can inject malicious SQL queries via the 'active' parameter and gain access to the database. The injection technique used is time-based blind.