WordPress Import CSV | Directory Traversal
The vulnerability allows an attacker to traverse directories and access sensitive files on the server. In this case, the exploit allows accessing the wp-config.php file.
This is a post-authentication exploit that requires the HTTP file sharing service to be running on Sysax Multi Server 6.50. The SID can be retrieved from your browser's URL bar after logging into the service. Once exploited, the shellcode runs with SYSTEM privileges. In this example, we attack folder_ in dltslctd_name1.htm. The root path of the user shouldn't break the buffer offset in the stack, though the user will need to have permission to delete folders. If the user has file delete permissions, file_ will work as well. mk_folder1_name1 is also vulnerable with a modified buffer, so this same exploit can be modified to adapt to a user's permissions.
This is an exploit for AlstraSoft Template Seller Pro <= 3.25 that allows an attacker to change the admin password. The exploit takes advantage of a vulnerability in the checkLogin function in include/main.php. By providing a valid admin ID and a new password, the attacker can change the admin password.
The WordPress plugin Abtest is vulnerable to Local File Inclusion. The vulnerability allows an attacker to include local files on the server by manipulating the 'action' parameter in the 'abtest_admin.php' file. This can lead to unauthorized access to sensitive files and potential remote code execution.
The SecLogon service does not sanitize standard handles when creating a new process, which leads to a system service thread pool handle being duplicated into a user-accessible process. This can be used to elevate privileges to Local System.
This exploit allows an attacker to retrieve admin credentials from the AlstraSoft Live Support v1.21 application. The vulnerable code is located in common.php and does not call an exit function after the header() function, allowing the attacker to extract the admin credentials.
The application suffers from a stack-based buffer overflow vulnerability when a large number of bytes is passed to the 'sourceFile' string parameter of the PackFile() and UnpackFile() functions in the 'Netwrix.Common.CollectEngine.dll' library, resulting in a stack overrun that overwrites several registers, including the SEH chain. An attacker can gain access to the system of the affected node and execute arbitrary code.
The Kaltura platform contains a number of vulnerabilities, allowing unauthenticated users to execute code, read files, and access services listening on the localhost interface. Vulnerabilities present in the application also allow authenticated users to execute code by uploading a file, and to perform stored cross-site scripting attacks from the Kaltura Management Console into the admin console. Weak cryptographic secret generation allows unauthenticated users to brute-force password reset tokens for accounts, and allows low-level users to perform privilege escalation attacks.
This is a minimized proof-of-concept for a CSS Injection vulnerability.
This exploit allows an attacker to retrieve the last valid admin session ID or inject a shell with the INTO OUTFILE command.