The unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request to /webmail/client/skins/default/css/css.php. Directory Traversal is a vulnerability that allows attackers to access restricted directories and execute commands outside of the web server's root directory.
This module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64.
An authenticated persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows arbitrary HTML/script code to be executed in a victim's web browser.
By supplying a long prototype chain of objects with a large expected_nof_properties, an attacker can control the resulting value of instance_size by causing (requested_embedder_fields + requested_in_object_properties) << kPointerSizeLog2 to overflow to a small negative value, resulting in an allocation smaller than the header size.
This security issue allows users playing a Call of Duty match to cause a buffer overflow on the host's system in a stack-allocated buffer within the game's network handling, which can lead to full remote code execution.
A Use-After-Free vulnerability exists in the Windows kernel due to improper handling of certain memory operations. An attacker can exploit this vulnerability by sending a specially crafted request to the kernel, which can lead to arbitrary code execution in the context of the kernel. This vulnerability affects Windows versions prior to Windows 10.
An attacker can escape the 'sed' command with a simple payload, such as '`touch a`'. Another example that fits is AdminID=a'`telnetd`', which allows a user to log in as "a", which becomes the new root account.
This exploit allows an attacker to obtain credentials from a DVR device by sending a request to the device.rsp?opt=user&cmd=list endpoint.
This exploit allows an attacker to send commands to GPON routers and retrieve their output. The exploit sends the commands in two modes, backtick (`) and semicolon (;), because different router models trigger on different separators. The attacker then waits 3 seconds and retrieves the output from the diag.html page.
This exploit is a proof-of-concept (PoC) command injection in the BLE service of the Norton Core Secure WiFi Router. The exploit is demonstrated using GNU/Linux, a Bluetooth dongle adapter, and the BlueZ utilities. The exploit requires restarting the router to provide access to the engineering page, and then executing the PoC script as the root user with the command to be executed as an argument. After the script is successfully executed, the attacker can gain access to the device via an SSH connection with root as the user and admin as the password.