This is a remote code execution exploit for Nuked-klaN 1.7.6. It allows an attacker to execute arbitrary PHP code on the target server.
Multiple CSRF issues in PHP Server Monitor allow remote attackers to add arbitrary users & servers to the system, modify system configurations and delete arbitrary servers, if user (admin) is logged in and visits our malicious website or clicks on our infected links. As no CSRF protection is used in the application, we can make requests on the victim's behalf and the server will happily oblige processing our malicious HTTP requests.
This vulnerability allows an attacker to include remote files in the 'watermark.php' script of vm watermark mod 0.4.1. By manipulating the 'GALLERY_BASEDIR' parameter, an attacker can include a malicious file ('shell.txt' in this case) from a remote server.
Max Forum is prone to multiple input-validation vulnerabilities including a PHP code-execution vulnerability, a local file-include vulnerability and an information-disclosure because it fails to properly sanitize user-supplied input.An attacker can exploit these issues to inject arbitrary PHP code and include and execute arbitrary files from the vulnerable system in the context of the affected application and to obtain sensitive information that may aid in further attacks.
This exploit takes advantage of a stack buffer overflow vulnerability in the NetUSB kernel. By sending a specially crafted packet to the target device, an attacker can cause a denial of service (DoS) condition.
The 'OpenDVD' method in East Wind Software (advdaudio.ocx v. 1.5.1.1) is vulnerable to a local buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code or crash the application.
The SecEmailComposer/EmailComposer application used by the Samsung S6 Edge has an exported service action to do quick replies to emails. This action requires no permissions to call, allowing an unprivileged application to gain access to email content.
The Exynos Seiren Audio driver has a buffer overflow vulnerability in the write() implementation, allowing for memory corruption. The vulnerability can be triggered by writing to the device endpoint (/dev/seiren) with a user-supplied buffer that is not adequately bounds checked.
Security holes were found in NPDS 5.10. N°1: Sql Injection in cookies (File Mainfile.php lines 655 to 691). No check is carried out on nicknames or Id which can allow an attacker to modify a SQL request so as to obtain data. N°2: SQL Injection due to a bad use of "X_FORWARDED_FOR" (file Mainfile.php lines 88 to 110). NPDS uses the HTTP header "X_FORWARDED_FOR" which normally contains the IP adress of a person using a non anonymous proxy. This Ip address is used in a SQL resquest without appropriate filtering, and an attacker can define "X_FORWARDED_FOR" insering malicious SQL code.
This module writes to the sudoers file without root access by exploiting rsh and malloc log files. Makes sudo require no password, giving access to su even if root is disabled. Works on OS X 10.9.5 to 10.10.5 (patched on 10.11).