This exploit is a remote shell exploit for TP-LINK TL-WR940N/TL-WR941ND routers. It uses a buffer overflow vulnerability to gain access to the router. The exploit uses an MD5 hash of the password 'admin' to generate an authorization cookie. It then uses a series of requests to generate a user directory. The exploit then uses a NOP sled and shellcode to gain access to the router. The shellcode connects to an IP address and opens a shell.
The bug allows us to increment 5 longs located after buf in memory. The first long is incremented by one, others by an arbitrary value between 0 and 0xff.
Ashop Shopping Cart Software is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to access or modify data in the back-end database, compromise the application, access or escalate privileges, or execute arbitrary commands on the operating system.
CARPE (DIEM) is an exploit for CVE-2019-0211, an Apache root privilege escalation vulnerability. The exploit works by triggering a Use-After-Free (UAF) vulnerability, which allows an attacker to control the size of a string and edit it in place. The exploit then uses a DateInterval object to read and write the timelib_rel_time structure, which can be used to gain root privileges.
CVE-2019-10273 is an information leakage vulnerability in the ManageEngine ServiceDesk Plus 9.3 software. This vulnerability allows the enumeration of active users that are registered on the ServiceDesk 9.3 hosted software. Due to a flaw in the way authentication is handled, an attacker is able to attempt a login and thereby verify whether any given account is active.
An SEH buffer overflow vulnerability exists in Download Accelerator Plus DAP 10.0.6.0. An attacker can exploit this vulnerability by sending a specially crafted file to the vulnerable application. This can allow the attacker to execute arbitrary code in the context of the application.
An attacker can access all data following an authorized user login using the parameter. The attacker can use boolean-based blind, time-based blind, error-based and generic union techniques to exploit the vulnerability.
CentOS-WebPanel.com (aka CWP) CentOS Web Panel v0.9.8.793 (Free/Open Source Version) and v0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the 'CWP Settings > Edit Settings' screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload will execute.
AllPlayer V7.4 contains a local buffer overflow vulnerability that is triggered when a maliciously crafted URL is opened. This can be exploited to execute arbitrary code by corrupting the SEH chain and overwriting the return address with a pointer to the shellcode.
A reflected XSS vulnerability exists in Shoretel Connect versions 18.62.2000.0, 19.45.5101.0, 19.47.9000.0 and 19.48.8400.0. An attacker can exploit this vulnerability by sending a malicious URL to the victim. The malicious URL contains a malicious script which will be executed in the victim's browser. The attacker can also hijack the user's session by exploiting the XSS vulnerability.