Explore Vulnerabilities

Explore all Exploits:

RunCMS SQL Injection Vulnerabilities

RunCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Oracle Forms and Reports Remote Code Execution

This module uses two vulnerabilities in Oracle Forms and Reports to get remote code execution on the host. The showenv URL can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be used to write a shell from a remote URL to a known local path disclosed by the previous vulnerability. Because the local path is accessible from a URL, remote code execution is then possible using, for example, a .jsp shell. Tested on Windows and Oracle Forms and Reports 10.1.

Exploit for MOAB-21-01-2007: OS X, making root shells easier each day

This exploit allows an attacker to escalate privileges on a Mac OS X system, gaining root access. It uses a shell wrapper and shell planting technique to create and execute a malicious binary file. The exploit takes advantage of a vulnerability in the System Preferences application.

RESOLV_HOST_CONF Command Injection

The RESOLV_HOST_CONF environment variable is vulnerable to command injection. An attacker can set the variable to a malicious command, which will be executed when the system tries to resolve a hostname. In this example, the attacker sets the variable to "/etc/shadow; ping adfas", causing the system to ping the host adfas after reading the /etc/shadow file.

Dexter (CasinoLoader) SQL Injection

This module exploits a vulnerability found in the command and control panel used to control Dexter (Point of Sale malware). This is done by accessing the PHP page used by bots to report in (gateway.php) which does not sanitize input. Input is encrypted and encoded, but the key is supplied by the bot connecting. The 'page' parameter is used in this case. The command and control panel designates a location to upload files, and can be used as a reliable location to write a PHP shell. Authentication is not needed to exploit this vulnerability.
