By utilizing a directory traversal along with the FTP MDTM command, an attacker can browse outside the root directory to determine if a file exists based on return file size along with the date the file was last modified by using a .... technique
PilusCart 1.4.1 is vulnerable to CSRF attack meaning that if an admin user can be tricked to visit a crafted URL created by attacker (via spear phishing/social engineering), a form will be submitted that will add a new user as administrator.
This is a unicode SEH overflow, but the buffer is too small for a unicode encoded reverse shell payload. Therefore, an egghunter is implemented to locate an alphanumeric encoded payload stored in memory.
If snd_timer_user_ccallback() doesn't initialize snd_timer_tread.event and snd_timer_tread.val, they are leaked by snd_timer_user_read()
This repo contains a proof-of-concept (PoC) RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441. The exploit first establishes an arbitrary read/write primitive as well as an arbitrary object address leak in wkexploit.js. It will then setup a framework to run ROP chains in index.html and by default will provide two hyperlinks to run test ROP chains - one for running the sys_getpid() syscall, and the other for running the sys_getuid() syscall to get the PID and user ID of the process respectively.
DirectAdmin v 1.55 have CSRF via CMD_ACCOUNT_ADMIN Admin Panel lead to create new admin account. An attacker can send a crafted request to a logged in user who is having admin Administrator level access. Once the logged in user opens the URL, the form will get submitted with active session of administrator and action get performed successfully.
Specifying an X-Forwarded-For header bypasses the local only check, allowing an attacker to execute arbitrary code on the vulnerable system.
This vulnerability allows an attacker to access the user's account information by manipulating the parameters of the login form. The code snippet contains a function that takes the user's login, password, and email address as parameters and sends them to the server. The parameters are then encrypted and sent to the server. The server then processes the request and returns a response. If the response is successful, the user is logged in. If the response is unsuccessful, an error message is displayed.
JRMPClient_20180718_bypass01 is a payload from ysoserial which can be used to exploit two remote code execution vulnerabilities in Oracle WebLogic. The payload uses the ReferenceWrapper_Stub class to create a remote object invocation handler which can be used to execute arbitrary code on the vulnerable server.
This exploit allows an unauthenticated attacker to execute arbitrary code on a vulnerable phpBB3 installation. The exploit works by exploiting a vulnerability in the Attachment Settings ACP page, which allows an attacker to upload a malicious ZIP file containing a malicious PHP script. The script is then executed when the server attempts to unzip the file.
Services By CQR