The vulnerability allows a local attacker to access sensitive information, including superuser password information, leading to further attacks. A complete compromise is possible. An example exploit is available: $ /opt/SUNWsrspx/bin/srsexec -dvb /etc/shadow OWNED
This exploit allows an attacker to perform SQL injection and obtain path disclosure in HLStats versions 1.20 to 1.34. It works when magic_quotes_gpc is set to On. The exploit has been tested on Linux and Windows. The author of this exploit is Michael Brooks.
This vulnerability allows remote attackers to read portions of memory in Python applications that use the 'PyLocale_strxfrm' function.
HP Tru64 for UNIX is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. Successful exploits will result in a complete compromise of vulnerable computers. Failed exploit attempts will result in a denial of service.
RoboHelp is vulnerable to a cross-site scripting (XSS) attack due to insufficient input sanitization. An attacker can exploit this vulnerability to inject and execute arbitrary script code in the browser of a victim user. This can lead to various attacks, including stealing authentication credentials and launching further malicious activities.
Advanced Guestbook is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
This exploit allows an attacker to escalate their privileges to Local SYSTEM on a Windows XP SP3 machine by exploiting the NDProxy vulnerability (CVE-2013-5065). The exploit uses a null pointer dereference to gain access and execute arbitrary code.
This module exploits a SQL injection vulnerability in Kimai version 0.9.2.x. The 'db_restore.php' file allows unauthenticated users to execute arbitrary SQL queries. This module writes a PHP payload to disk if the following conditions are met: the PHP configuration must have 'display_errors' enabled; Kimai must be configured to use a MySQL database running on localhost; and the MySQL user must have write permission to the Kimai 'temporary' directory.
This module exploits a remote stack buffer overflow vulnerability in ABB MicroSCADA. The issue is due to the handling of unauthenticated EXECUTE operations on the wserver.exe component, which allows arbitrary commands. The component is disabled by default, but required when a project uses the SCIL function WORKSTATION_CALL. This module has been tested successfully on ABB MicroSCADA Pro SYS600 9.3 over Windows XP SP3 and Windows 7 SP1.
This module exploits a code execution flaw in Cisco Data Center Network Manager. The vulnerability exists in processImageSave.jsp, which can be abused through a directory traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss application server feature is used to achieve remote code execution. This module has been tested successfully on Cisco Prime Data Center Network Manager 6.1(2) on Windows 2008 R2 (64-bit).