The exploit involves a remote buffer overflow and denial of service vulnerability in the "HelpPopup" method of the Microsoft Office 2000 "Controllo UA di Microsoft Office" control (OUACTRL.OCX v. 1.0.1.9). By clicking a button on a webpage, an attacker can trigger the vulnerability and execute arbitrary code remotely or cause a denial of service condition in the winhlp32.exe process.
A vulnerability exists for the Gemtek CPE7000 model ID WLTCS-106 exposing the Iperf tool to unauthenticated users. By injecting a command in the perf_measure_server_ip parameter, an attacker can execute arbitrary commands. Since the service runs as root, the remote command execution has the same administrative privileges. The remote shell is obtained by uploading the payload and executing it. A reverse shell is preferred rather than a bind one, since the firewall won't allow (by default) incoming connections. Tested on Hardware version V02A and Firmware version 01.01.02.082.
The Scallywag application is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a remote file using a specially crafted parameter in the URL. This allows the attacker to execute arbitrary code on the server.
PowerShell implementation of MS16-032. The exploit targets all vulnerable operating systems that support PowerShell v2+. Credit for the discovery of the bug and the logic to exploit it go to James Forshaw (@tiraniddo).
The NavBoard 2.6.0 portal is vulnerable to remote code execution. The vulnerability exists due to improper input validation in the 'admin_config.php' file. An attacker can exploit this vulnerability by sending a specially crafted request to the target system, which allows them to execute arbitrary code on the target system. This can lead to unauthorized access, data theft, and further compromise of the system.
BtiTracker version 1.4.1 and below is vulnerable to remote SQL injection. This vulnerability allows any user to become an administrator. The vulnerable code is found in the account_change.php file, where the 'style' and 'language' parameters are not properly sanitized before being used in SQL queries. An attacker can exploit this by manipulating the 'style' parameter in the URL to inject SQL code and gain administrative control. For example, the URL account_change.php?style=2[SQL]&returnto=%2F can be used to execute arbitrary SQL queries. To gain admin control, the URL account_change.php?style=1,id_level=8 can be used.
This is a remote exploit for x86/linux WU-IMAP 2000.287(1-2). The exploit takes advantage of a vulnerability in the software to execute arbitrary code on the target system. It uses a shellcode to gain control of the system. The exploit requires the target IP address, login, and password as input.
This exploit targets a vulnerability in the MSHTML!CMarkupPointer::UnEmbed function. It allows an attacker to access memory that has already been freed, potentially leading to arbitrary code execution or a denial of service. The vulnerability was tested on IE11 on Windows 10 x64 and Windows 7 x64. The exploit triggers an access violation exception with the code c0000005.
The PHPmongoDB v1.0.0 software is vulnerable to CSRF attacks, HTML Injection, and XSS vulnerabilities. The CSRF vulnerabilities allow an attacker to create a database, drop a database, and create a collection without proper authentication. The HTML Injection vulnerability allows an attacker to inject malicious HTML code into the application, potentially leading to further attacks. The XSS vulnerabilities allow an attacker to execute malicious scripts within the context of the application, potentially leading to session hijacking or other attacks.
This module exploits a file upload vulnerability in Kace K1000 versions 5.0 to 5.3, 5.4 prior to 5.4.76849 and 5.5 prior to 5.5.90547 which allows unauthenticated users to execute arbitrary commands under the context of the 'www' user. This module also abuses the 'KSudoClient::RunCommandWait' function to gain root privileges. This module has been tested successfully with Dell KACE K1000 version 5.3.