FlexHEX 2.71 contains a local buffer overflow that is triggered when a maliciously crafted file is opened. The overflow can be exploited to execute arbitrary code by corrupting the SEH chain and overwriting the return address with a pointer to the shellcode.
This exploit allows an unauthenticated attacker to execute arbitrary code on a Bolt CMS server. It works by uploading a malicious HTML file to the server, which then executes a malicious JavaScript payload. The payload uses XMLHttpRequest to send a POST request to the Bolt CMS admin page, which modifies the config.yml file to allow the execution of PHP, HTML, and JavaScript files. This in turn lets the attacker execute arbitrary code on the server.
NCrypted Jobgator is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable 'experience' parameter on the 'Find-Jobs' page. The payload 'btnsearch=Search&experience=1" OR NOT 4365=4365#&job_title=Mr.&location=1' can be used to exploit this vulnerability.
This module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and <= 4.9.8. The crop-image function allows a user with at least author privileges to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit includes this image in the current theme by changing the _wp_page_template attribute when creating a post.
The plugin implements the following AJAX actions: manage_fm, get_stats, generete_csv, generete_xml, formmakerwdcaptcha, nopriv_formmakerwdcaptcha, formmakerwdmathcaptcha, nopriv_formmakerwdmathcaptcha, product_option, FormMakerEditCountryinPopup, FormMakerMapEditinPopup, FormMakerIpinfoinPopup, show_matrix, FormMakerSubmits, FormMakerSQLMapping, select_data_from_db, manage. All of them call the function form_maker_ajax_fmc. This function dynamically loads a file defined in $_GET['action'], or in $_POST['action'] if the former is not defined. Because of the way WordPress defines the AJAX action, a user can define the plugin action in $_GET['action'] and the AJAX action in $_POST['action']. Leveraging that, and the fact that no sanitization is performed on $_GET['action'], a malicious actor can perform a CSRF attack to load a file using directory traversal, leading to a Local File Inclusion vulnerability.
AIDA64 Extreme 5.99.4900 is vulnerable to a SEH-based buffer overflow. An attacker can exploit this vulnerability by running a specially crafted Python script which creates two files. The attacker then needs to paste the contents of either exploit-x32.txt or exploit-x64.txt (depending on the Windows version) into the "Log sensor reading to CSV log file" field in the Preferences menu. When the attacker exits the program, the shellcode runs (in this case, launching calc).
ManageEngine ServiceDesk Plus versions below 10.0 are vulnerable to privilege escalation. An attacker can bypass authentication and gain access to the system with high privileges by setting the JSESSIONID cookie.
The 'password' parameter has a boolean-based blind SQL injection vulnerability. The login panel can be bypassed if the user name is known. The exploit allows the creation of a new password on the target.
A buffer overflow vulnerability exists in AIDA64 Engineer 5.99.4900 when a maliciously crafted value in the 'Load from file' field is processed. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.
MagicISO Maker 5.5 (build 281) is vulnerable to a denial of service when a maliciously crafted serial code is entered into the registration form. When the malicious serial code is entered, the application crashes.