This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a listoverridecount field can be modified to treat one structure as another. This bug was originally seen being exploited in the wild starting in April 2014. This module was created by reversing a public malware sample.
Input passed via the 'site_directory_sort_field' HTTP POST parameter to the '/guest/site_directory' URL is not properly sanitized before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL commands.
This module takes advantage of two vulnerabilities to gain remote code execution as root, starting from an otherwise unprivileged authenticated user. First, a mass assignment vulnerability lets an unprivileged authenticated user change the administrator's password hash; the module overwrites it, logs in as the admin and so reaches the second vulnerability. Values passed when configuring a static network interface receive no server-side sanitization, which lets an administrator run arbitrary commands in the context of the web application, and that context is root when the network interface is being configured. As a side effect of changing the admin's password, this module will also delete any other users that may have been present.
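The second bug above is a classic shell command injection: request fields are spliced into the command line of a privileged interface-configuration tool. The following is an added example, not code from the module or the affected product, showing the vulnerable pattern beside a hardened one. The field names, the interface-name regex and the use of `echo` as a harmless stand-in for the real configuration tool are all assumptions made for the demonstration.

```python
import ipaddress
import re
import subprocess


def configure_iface_vulnerable(iface: str, ip: str, netmask: str) -> str:
    # The pattern described in the advisory: request values spliced into a
    # shell command line. 'echo' stands in for the real interface tool so the
    # example is harmless to run; the shell still parses the line the same way,
    # so a ';' in any field terminates the command and starts a new one.
    cmd = "echo ifconfig %s %s netmask %s" % (iface, ip, netmask)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def build_iface_argv(iface: str, ip: str, netmask: str) -> list:
    # Hardened form: validate each field against what it may legitimately be,
    # then pass the values as separate argv entries with no shell involved.
    if not re.fullmatch(r"[a-z][a-z0-9.]{0,14}", iface):   # assumed naming rule
        raise ValueError("bad interface name")
    addr = ipaddress.IPv4Address(ip)            # AddressValueError is a ValueError
    mask = ipaddress.IPv4Address(netmask)
    inv = ~int(mask) & 0xFFFFFFFF
    if inv & (inv + 1):                         # ones must be contiguous from the top
        raise ValueError("non-contiguous netmask")
    return ["ifconfig", iface, str(addr), "netmask", str(mask)]


def configure_iface_safe(iface: str, ip: str, netmask: str) -> str:
    # argv list, no shell: every value is one argument, never re-parsed.
    argv = build_iface_argv(iface, ip, netmask)
    return subprocess.run(["echo", *argv], capture_output=True, text=True).stdout


def iface_rejected(iface: str, ip: str, netmask: str) -> bool:
    # True when validation refuses the input instead of building a command.
    try:
        build_iface_argv(iface, ip, netmask)
    except ValueError:
        return True
    return False


INJECTED_IP = "10.0.0.5; echo INJECTED"   # constructed attacker-controlled value

if __name__ == "__main__":
    print(configure_iface_vulnerable("eth0", INJECTED_IP, "255.255.255.0"))
    print(configure_iface_safe("eth0", "10.0.0.5", "255.255.255.0"))
    print(iface_rejected("eth0", INJECTED_IP, "255.255.255.0"))   # True
```

The argv form is the real fix; the validation on top of it keeps junk out of the tool's own argument parsing (an interface tool may accept flags or extra syntax in what looks like an address field). Running the vulnerable function with `INJECTED_IP` prints a second line produced by the injected command.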
The vulnerability allows an attacker to perform SQL injection through the 'forum.asp' page. By manipulating the 'forumid' parameter, an attacker can retrieve sensitive information such as admin usernames and passwords.
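The two SQL injection entries above ('site_directory_sort_field' and 'forumid') illustrate two different shapes of the same bug, and they need different fixes: a value such as 'forumid' can be bound as a query parameter, while a sort field goes into ORDER BY, which cannot be parameterized and must be allowlisted instead. The following is an added example, not code from either affected product; the in-memory SQLite schema, table names and rows are constructed for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed stand-in for the two applications' tables (assumed names).
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE site_directory (id INTEGER, name TEXT);
        INSERT INTO site_directory VALUES (1, 'zed'), (2, 'amy');
        CREATE TABLE forum (forumid INTEGER, title TEXT);
        INSERT INTO forum VALUES (1, 'general'), (2, 'staff');
        CREATE TABLE admins (username TEXT, password TEXT);
        INSERT INTO admins VALUES ('admin', 's3cret');
    """)
    return con


DB = make_db()

# --- 'forumid' shape: a value parameter spliced into the query text ---------

UNION_PAYLOAD = "1 UNION ALL SELECT username || ':' || password FROM admins"


def forum_vulnerable(con, forumid: str) -> list:
    # The request parameter becomes part of the SQL, so a UNION inside it runs
    # and appends rows from any other table to the result.
    sql = "SELECT title FROM forum WHERE forumid = " + forumid
    return [row[0] for row in con.execute(sql)]


def forum_safe(con, forumid: str) -> list:
    # Coerce to the expected type, then bind; the driver never parses it as SQL.
    value = int(forumid)  # ValueError for anything that is not an integer
    return [row[0] for row in con.execute(
        "SELECT title FROM forum WHERE forumid = ?", (value,))]


# --- 'site_directory_sort_field' shape: an ORDER BY column spliced in -------

def directory_vulnerable(con, sort_field: str) -> list:
    sql = "SELECT name FROM site_directory ORDER BY " + sort_field
    return [row[0] for row in con.execute(sql)]


def oracle_payload(guess: str) -> str:
    # A sort field cannot be bound as a parameter, and an ORDER BY term need
    # not be a column: this expression sorts by id when the guess is right and
    # by name when it is wrong, so the row order leaks one character per request.
    return ("CASE WHEN (SELECT substr(password, 1, 1) FROM admins) = '%s' "
            "THEN id ELSE name END" % guess)


SORTABLE = {"id": "id", "name": "name"}   # request value -> fixed column text


def directory_safe(con, sort_field: str) -> list:
    # Allowlist: only a key of SORTABLE is accepted, and what reaches the query
    # is the mapping's own constant, never the request value itself.
    column = SORTABLE.get(sort_field)
    if column is None:
        raise ValueError("unsupported sort field")
    return [row[0] for row in con.execute(
        "SELECT name FROM site_directory ORDER BY " + column)]


def is_rejected(fn, *args) -> bool:
    # True when the hardened function refuses the input instead of running it.
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(forum_vulnerable(DB, UNION_PAYLOAD))             # admin credentials leak
    print(directory_vulnerable(DB, oracle_payload("s")))   # ['zed', 'amy']: guess right
    print(directory_vulnerable(DB, oracle_payload("x")))   # ['amy', 'zed']: guess wrong
    print(is_rejected(forum_safe, DB, UNION_PAYLOAD),
          is_rejected(directory_safe, DB, oracle_payload("s")))   # True True
```

The ORDER BY oracle is worth noting because sort-field injection is often dismissed when stacked queries are disabled; the row order alone is enough to extract data one character at a time.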
The Password Door application is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
There is a remote heap overflow in SmartFTP. When the application receives a long banner (5000 characters), the heap is smashed, leading to denial of service and code execution. There are also two buffer overflows in the Address and Login fields. Reported to Secunia but not published. A simple drag-and-drop could compromise the system.
WFTPD Pro Server 3.30.0.1 suffers from multiple remote vulnerabilities that result in denial of service. Several commands are affected, including LIST, MLST, NLST, NLST -al and STAT, and possibly others.
The HFS+ file system does not apply strict privilege rules during the creation of hard links. The ability to create hard links to directories is incorrectly implemented, and the issue affects OS versions 10.5 and later. The vulnerability allows creating a large number of hard links to directories, potentially leading to a kernel crash when commands such as 'ls' or 'find' are executed. The exploit code can be found at http://cert.cx/stuff/l2.c.
This module abuses a filename spoofing vulnerability in WinRAR. The vulnerability exists when opening ZIP files. The file names shown in WinRAR when opening a ZIP file come from the central directory, but the file names used to extract and open contents come from the local file header. This inconsistency allows file names to be spoofed when opening ZIP files with WinRAR, which can be abused to execute arbitrary code, as exploited in the wild in March 2014.
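The inconsistency described above is a property of the ZIP format: each entry's name is stored twice, once in the local file header in front of the data and once in the central directory at the end of the archive, and nothing forces the two copies to agree. The following is an added example, not code from the module or from WinRAR. It builds a minimal stored archive whose two name copies differ, then shows the check a scanner or extractor should apply: read the local header at the offset the central directory records and compare the names. The archive builder and the sample names are constructed for the demonstration.

```python
from __future__ import annotations

import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"
CENTRAL_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"
LOCAL_FMT = "<4sHHHHHIIIHH"             # 30-byte local file header
CENTRAL_FMT = "<4sHHHHHHIIIHHHHHII"     # 46-byte central directory header
EOCD_FMT = "<4sHHHHIIH"                 # 22-byte end of central directory record
DOS_DATE = ((2014 - 1980) << 9) | (3 << 5) | 1   # 2014-03-01 (assumed; any valid date works)
DOS_TIME = 0


def build_zip(central_name: str, local_name: str, data: bytes) -> bytes:
    """Build a one-entry, stored (method 0) archive whose central directory
    entry and local file header carry different names. A correctly written
    archive repeats the same name in both places; this one does not."""
    crc = zlib.crc32(data) & 0xFFFFFFFF
    lname, cname = local_name.encode("ascii"), central_name.encode("ascii")
    local = struct.pack(LOCAL_FMT, LOCAL_SIG, 20, 0, 0, DOS_TIME, DOS_DATE,
                        crc, len(data), len(data), len(lname), 0) + lname + data
    central = struct.pack(CENTRAL_FMT, CENTRAL_SIG, 20, 20, 0, 0, DOS_TIME, DOS_DATE,
                          crc, len(data), len(data), len(cname), 0, 0, 0, 0, 0,
                          0) + cname            # local header offset is 0
    eocd = struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd


def header_name_mismatches(buf: bytes) -> list[tuple[str, str]]:
    """Return (central_directory_name, local_header_name) pairs that differ.
    zipfile lists entries from the central directory only, so each local
    header is re-read by hand at the offset the central entry records."""
    found = []
    with zipfile.ZipFile(io.BytesIO(buf)) as zf:
        for info in zf.infolist():
            off = info.header_offset
            fields = struct.unpack(LOCAL_FMT, buf[off:off + 30])
            if fields[0] != LOCAL_SIG:
                raise ValueError("bad local header signature for %r" % info.filename)
            name_len = fields[9]
            local_name = buf[off + 30:off + 30 + name_len].decode("cp437")
            if local_name != info.filename:
                found.append((info.filename, local_name))
    return found


def stdlib_rejects(buf: bytes) -> bool:
    """CPython's zipfile re-reads the local header on open() and raises
    BadZipFile when the two names disagree; True if reading the entries
    fails that way, False if every entry reads cleanly."""
    with zipfile.ZipFile(io.BytesIO(buf)) as zf:
        try:
            for info in zf.infolist():
                zf.read(info)
        except zipfile.BadZipFile:
            return True
    return False


if __name__ == "__main__":
    spoofed = build_zip("report.pdf", "report.pdf.exe", b"not really a pdf")
    print(header_name_mismatches(spoofed))   # [('report.pdf', 'report.pdf.exe')]
    print(stdlib_rejects(spoofed))           # True
```

A listing tool that trusts only the central directory shows 'report.pdf' for this archive, while an extractor that trusts only the local header writes 'report.pdf.exe'. The mismatch check is cheap and should run before extraction, and CPython's own extractor is shown here as one implementation that already refuses such an entry.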
The LightRO CMS 1 beta version is vulnerable to remote file inclusion. The vulnerability allows an attacker to include a remote file in the vulnerable script, leading to potential code execution or sensitive information disclosure.