Explore Vulnerabilities

Explore all Exploits:

Advantech WebAccess < 8.3 webvrpcs Directory Traversal RCE Vulnerability

Advantech WebAccess versions prior to 8.3 are vulnerable to a directory traversal attack that allows an attacker to execute arbitrary code on the target system. The vulnerability is due to a lack of proper validation of user-supplied input when handling requests to the webvrpcs directory. An attacker can exploit it by sending a specially crafted request containing directory traversal characters to the webvrpcs directory.

MGC ALERT 2018-002

This bug was found using the portal while authenticated as administrator. Exploiting the vulnerability only requires using version 1.0 of the HTTP protocol to interact with the application. It is possible to inject SQL code in the variable 'qty' on the page 'index.php'.

DEWESoft X3 SP1 (64-bit) Remote Internal Command Access

The installer for DEWESoft X3 SP1 (64-bit) devices, specifically the "RunExeFile.exe" component, does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that can launch an .EXE file located at an arbitrary directory location, download an .EXE from an external URL, or run a "SETFIREWALL Off" command.

ManageEngine Applications Manager Remote Code Execution

This module exploits a command injection vulnerability in the ManageEngine Applications Manager product. An unauthenticated user can execute an operating system command in the context of a privileged user. The publicly accessible testCredential.do endpoint takes multiple user inputs and validates the supplied credentials by accessing the given system. This endpoint calls several internal classes and then executes a PowerShell script without validating a user-supplied parameter when the given system is OfficeSharePointServer.

Memcrashed DDoS Exploit

Memcrashed is a tool that allows users to use Shodan.io to obtain hundreds of vulnerable memcached servers. It then allows users to use the same servers to launch widespread distributed denial of service attacks by forging UDP packets whose source is set to the victim. The default payload includes the memcached 'stats' command, which is 10 bytes to send, while the reply ranges from 1,500 bytes up to hundreds of kilobytes.

Composite Moniker Vulnerability Exploit

This repo contains a proof-of-concept exploit for CVE-2017-8570, a.k.a. the 'Composite Moniker' vulnerability. It demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory and then executing it using the primitive that the vulnerability provides.

PoC for Type Confusion Vulnerability in JavaScript

A type confusion vulnerability exists in JavaScript due to the LdaNamedProperty operation 'opt.x' being lowered to a graph exit in the graph builder. This set the current environment to nullptr, which caused the context value to remain 'undefined'. However, GetSpecializationContext directly cast the context value to Context*, which resulted in type confusion.

Recent Exploits: