Pandora 7.0NG is vulnerable to remote code execution. An attacker can send a crafted graph request with a malicious ip_src parameter to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient sanitization of user-supplied input in the ip_src parameter of the graph request.
TotalAV 2020 4.14.31 has a quarantine flaw that allows an attacker to escalate privileges by using an NTFS directory junction. The attacker must create an NTFS directory junction to restore.
An XML External Entity Injection (XXE) vulnerability exists in MSN Password Recovery 1.30. An attacker can exploit this vulnerability by creating a malicious XML file and hosting it on a web server. The attacker can then use the software to open the malicious XML file, which will cause the malicious payload to be executed. This can lead to the disclosure of sensitive information.
Obtains addrof/fakeobj and arbitrary read/write primitives. Supports PS4 consoles on 6.XX. May also work on older firmware versions, but I am not sure. Bug was fixed in firmware 7.00.
The vulnerability exists in the TeamCity server, which allows an attacker to execute malicious code remotely. The exploit code will connect to the TeamCity server and trigger the vulnerable code. To exploit the vulnerability, the attacker needs to have access to an SMB share that the TeamCity software can read from and that the attacker can write to. The attacker then needs to place a malicious POM in the share, which will be executed by the TeamCity server.
ASTPP 4.0.1 VoIP Billing is vulnerable to a chained remote root attack that results in remote code execution. The chain consists of HTML injection in the SIP Caller Number, XSS injection in the SIP Caller Name, XSS document.cookie evasion, an XSS document.cookie grabber, command injection, a reverse shell, rooting the system, and looting.
EBBISLAND / EBBSHAVE RPC Buffer Overflow for IBM AIX PPC is a vulnerability that allows an attacker to execute arbitrary code on the target system. The exploit code example requires /usr/bin/bash on the target. The exploit code example takes in 6 arguments: rhost, lhost, lport, gid_base, execl_func, execl_toc. The exploit code builds a packet with a header and body, and sends it to the target system. The body contains the node_length, node_name, uid, gid, gids_len, gids, base_addr, addr_8c, addr_a8, addr_4c, func_addr, toc_addr, and cmd.
This exploit allows an attacker to gain access to credentials stored in Cisco DCNM JBoss 10.4. The attacker needs to have a few .jars from a copy of Cisco DCNM to compile and run this code. The attacker can then use the code to access the credentials stored in the system. The code can be compiled by matching the file path ${package}/${class}.java, e.g., com/whatdidibreak/dcnm_expl/Main.java. The attacker can then use the command java -jar PackagedJarFile Victim1IpOrFqdn [victim2 ...] to gain access to the credentials.
There is no file extension check in the 'Register Complaint' section of the user panel. An unauthorized user can upload and execute a PHP file. The basic Python script below bypasses authentication and executes a command on the target server.
The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.