This module takes advantage of three separate vulnerabilities in order to read an arbitrary text file from the file system with the privileges of the web server. You must be authenticated, but can be unprivileged since a privilege escalation vulnerability is used. Tested against HP Release Control 9.20.0000, Build 395 installed with demo data. The first vulnerability allows an unprivileged authenticated user to list the current users, their IDs, and even their password hashes. You can't log in with the hashes, but the ID is useful in the second vulnerability. When a user changes their password, they post the ID of the user who is going to have their password changed. Just replace it with the admin ID and you change the admin password. You are now admin. The third vulnerability is an XXE in the dashboard XML import mechanism. This is what allows you to read the file from the file system. This module is super ghetto half because it was an AMF application, half because I worked on it longer than I wanted to.
There is a remote stack overflow in FTP Voyager triggered by a long 257 response. After that, if the user hits <abort>, it causes a stack overflow. This vulnerability only results in a denial of service (DoS) and does not allow for code execution.
This script exploits a directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0 - 7.4 and Sentinel Keys Server 1.0.3 - 1.0.4. It allows an attacker to download sensitive files from the target Windows machine, such as registry hives, boot.ini, and win.ini.
This is a remote stack overflow exploit for News Rover 12.1 Rev 1. The exploit was discovered and coded by Marsu. It allows an attacker to execute arbitrary code on the target system.
The TurboFTP application is vulnerable to multiple remote denial of service attacks. These include handling responses with a large number of newline characters, a heap overflow triggered by a long file name in a LIST command response, and a heap overflow when the application sends a long CWD command. These vulnerabilities can be exploited to cause a denial of service condition on the target system. It is unlikely that code execution is possible with these vulnerabilities.
Mozilla Firefox allows remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
This exploit takes advantage of a buffer overflow vulnerability in the /usr/sbin/eject executable. By providing a specially crafted buffer, an attacker can execute arbitrary code with the privileges of the eject process.
This exploit allows an attacker to perform SQL injection on the Online Web Building v2.0 (id) application. By injecting SQL code into the 'art_id' parameter of the 'page.asp' page, an attacker can retrieve sensitive information such as usernames and passwords from the 'Users' table.
High-Tech Bridge Security Research Lab discovered CSRF and Remote Code Execution vulnerabilities in EGroupware, which can be exploited by a remote attacker to gain full control over the application and compromise the vulnerable system.
This exploit targets NukeSentinel version 2.5.05 and specifically the file 'nsbypass.php'. It allows an attacker to perform blind SQL injection attacks. The exploit requires certain conditions to be met, such as PHP and CMS conditions, and the victim's username and URL. Additional options can be specified, such as whether the victim is an admin or a normal user, the table prefix, the number of hits to try, and proxy settings.