OwnTicket 1.0 is vulnerable to SQL injection. An attacker can inject malicious SQL queries via the 'TicketID' parameter in the 'index.php' and 'editTicketStatusId' scripts. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Learning with Texts 1.6.2 is vulnerable to SQL Injection. This vulnerability can be exploited by sending malicious SQL queries to the vulnerable parameter 'start' in do_text.php and 'wid' in delete_mword.php. An attacker can use this vulnerability to gain access to the database and execute arbitrary code.
Time and Expense Management System 3.0 is vulnerable to SQL Injection. This vulnerability is due to insufficient sanitization of user-supplied input in the 'table' and 'field' parameters of the GetTips.php script. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database, resulting in the manipulation or disclosure of arbitrary data.
The TP-Link TL-SC3130 suffers from an unauthenticated and unauthorized live RTSP stream disclosure. An attacker can exploit this vulnerability by sending a crafted HTTP request to the target device to access the RTSP stream.
The vulnerability is caused by the fact that the colon character in the path of the .gitmodules file allows the payload script to be executed. The path will end up as the repository URL in the subsequent clone operation, with the actual URL from .gitmodules being interpreted as the -u argument.
The device uses hard-coded credentials within its Linux distribution image. These sets of credentials (SSH) are never exposed to the end user and cannot be changed through any normal operation of the camera. An attacker could exploit this vulnerability by logging in to the web panel with the default credentials or by gaining shell access.
In the 4.2.23 version of BigTree, a Stored XSS vulnerability has been discovered in /admin/ajax/file-browser/upload/ (aka the image upload area). An attacker can exploit this vulnerability by sending a malicious HTTP POST request with a specially crafted filename parameter.
This module exploits a use-after-free vulnerability in VideoLAN VLC <= 2.2.8. The vulnerability exists in the parsing of MKV files and affects both 32-bit and 64-bit builds. In order to exploit this, the module generates two files: the first .mkv file contains the main vulnerability and heap spray; the second .mkv file is required in order to take the vulnerable code path and should be placed in the same directory as the first .mkv file. This module has been tested against VLC v2.2.8. Tested with payloads windows/exec, windows/x64/exec, windows/shell/reverse_tcp, windows/x64/shell/reverse_tcp. Meterpreter payloads, if used, can cause the application to crash instead.
This module exploits a vulnerability in RSH on unpatched Solaris systems which allows users to gain root privileges. The stack guard page on unpatched Solaris systems is of insufficient size to prevent collisions between the stack and heap memory, aka Stack Clash. This module uploads and executes Qualys' Solaris_rsh.c exploit, which exploits a vulnerability in RSH to bypass the stack guard page to write to the stack and create a SUID root shell. This module has offsets for Solaris versions 11.1 (x86) and Solaris 11.3 (x86). Exploitation will usually complete within a few minutes using the default number of worker threads (10). Occasionally, exploitation will fail. If the target system is vulnerable, usually re-running the exploit will be successful.
The FSCTL_FIND_FILES_BY_SID control code doesn’t check for permission to list a directory, leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access. At least when run on an NTFS volume, no check seems to occur later in the process to ensure the caller has some sort of access to the directory that would grant them the ability to list it. This allows a less privileged attacker to list the file names in a directory to which they’ve been granted some access, but not FILE_LIST_DIRECTORY access.