A vulnerability in CMS Made Simple 2.2.5 allows an authenticated user to execute arbitrary code on the server. This is achieved by uploading a malicious text file to the server, copying it to a PHP file, and then executing it. The exploit requires authentication, but the default credentials are admin:password.
The Java servlet `ADSHACluster` executes a `bcp.exe` file whose location can be supplied by the caller through the `BCP_EXE` parameter.
An issue was discovered in ntopng 3.4. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access.
An issue was found in openslp-2.0.0 that can be used to induce a double free bug or memory corruption by corrupting glibc's doubly-linked memory chunk list. At the time of writing, no patch has been made available. The issue was discovered by Magnus Klaaborg Stubman. On line 409 of `slpd_process.c`, the `*sendbuf` pointer is copied to `result`. On line 251, the first reallocation takes place, potentially `free()`ing the memory if it was moved as part of the reallocation. On line 547, the second reallocation is done, again potentially `free()`ing the memory if it has to be moved as part of the reallocation, potentially resulting in a double free bug.
A remote stack-based buffer overflow vulnerability exists in COMMGR Version 1.08 and prior, DVPSimulator EH2, EH3, ES2, SE, SS2, AHSIM_5x0, AHSIM_5x1. An attacker can send a specially crafted packet to the vulnerable server to cause a denial of service condition.
A buffer overflow vulnerability exists in SIPp 3.6-dev and earlier versions. By passing a large string of “A” characters as an argument to the -3pcc, -i, and -log_file options, a local attacker can cause a stack-based buffer overflow, resulting in a crash.
EMET's XML parser does not account for external entity declarations in '.config' files. This allows outbound network connections and users' local files to be exfiltrated to a remote attacker-controlled server. The condition is that a user must be tricked into importing a specially crafted XML file.
This script will execute whatever payload you place within it. Keep in mind that SD-WAN is running a slimmed-down Linux version, so obtaining a reverse shell isn't as simple as `nc -e /bin/bash` and the like. The command within this script will send the stdout of commands to your netcat listener.
The vulnerability was discovered during a vulnerability research lecture. This is meant to be a PoC. The exploit is a Python script which binds an FTP server to a port and sends a malicious payload to the server.
A security vulnerability in Cisco ASA allows an attacker to view sensitive system information without authentication by using directory traversal techniques.