This exploit spawns a shell with root privileges. The exploit is written into the file miniftpd.conf. The variable settings is a char * that is split into key and value. key and value are both 128 chars long, while settings can be longer than 128 + 128 chars. This is not checked before the values are stored, which causes a buffer overflow.
A denial of service vulnerability exists in Easy Chat Server Version 3.1 due to improper validation of user-supplied input. An attacker can send a specially crafted HTTP request with an overly long 'message' parameter to crash the application.
Admin Express v1.2.5.485 is vulnerable to a local SEH alphanumeric encoded buffer overflow. The exploit involves manually encoding shellcode and using the sub method for encoding each line of payload. The exploit requires the user to copy the contents of pwn.txt into the left-hand side Folder Path field, and then click the scale icon in the middle of the screen, under the Services and Running Processes tabs. This will execute the shellcode, which in this case is calc.exe.
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Print Archive System v2015 release 2.6. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the "TextField" parameter.
When NSClient++ is installed with Web Server enabled, local low privilege users have the ability to read the web administrator's password in cleartext from the configuration file. From here a user is able to log in to the web server and make changes to the configuration file that is normally restricted. The user is able to enable the modules to check external scripts and schedule those scripts to run. There don't seem to be restrictions on where the scripts are called from, so the user can create the script anywhere. Since the NSClient++ Service runs as Local System, these scheduled scripts run as that user and the low privilege user can gain privilege escalation. A reboot, as far as I can tell, is required to reload and read the changes to the web config.
A SQL injection vulnerability exists in microASP (Portal+) CMS, which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to improper input validation of the 'explode_tree' parameter in the 'pagina.phtml' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can allow an attacker to gain access to sensitive information stored in the database, modify or delete data, or execute arbitrary system commands on the underlying operating system.
A SQL injection vulnerability exists in PHPads Version 2.0 based on Pixelledads 1.0. The vulnerable code is located in the click.php3 file. An attacker can send a specially crafted request to the vulnerable file and execute arbitrary SQL commands in the application's database.
I found a new vulnerability in ReadyAPI. It allows an attacker to execute remote code on the local machine, putting in danger the ReadyAPI users including developers, pentesters, etc. ReadyAPI allows users to open a SOAP project and import WSDL files that help the users to communicate with the remote server easily. The WSDL file owner can determine default values of some parameters. An attacker can impersonate a legitimate web service, inject malicious code into a default value of one of the parameters, and spread it to ReadyAPI clients. When a ReadyAPI client loads a malicious WSDL file into his project and sends a request containing the malicious code, ReadyAPI will execute the malicious code on the victim's computer.
LG SuperSignEZ CMS, which many LG SuperSign TVs have built in, is prone to remote code execution due to improper parameter handling.
A remote code execution vulnerability exists in the Social Warfare plugin for WordPress, version <=3.5.2. An attacker can exploit this vulnerability by sending a crafted request to the vulnerable server. This will allow the attacker to execute arbitrary code on the vulnerable server.