This exploit allows an attacker to include a remote file in the phpMyPortal 3.0.0 RC3 script by manipulating the GLOBALS[CHEMINMODULES] parameter in the articles.inc.php file. The attacker can specify a remote file URL, which will be included and executed by the vulnerable script.
SilverStripe is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.
This exploit triggers a buffer overflow vulnerability in the IncrediMail IMMenuShellExt ActiveX Control, allowing an attacker to execute arbitrary code on the vulnerable machine. The exploit opens the Calculator application as a proof of concept.
The gnuedu 1.3b2 software is vulnerable to multiple remote file inclusion vulnerabilities. An attacker can exploit these vulnerabilities by including a remote file in the affected script, which can lead to remote code execution.
PHPLojaFacil version 0.1.5 is vulnerable to remote file inclusion attacks. The 'path_local' parameter in the 'ftp.php', 'db.php', and 'ftp.php' files can be manipulated to include arbitrary files from remote servers.
The CGX 2005-03-14 application is vulnerable to remote file inclusion attacks. An attacker can exploit this vulnerability by sending a specially crafted request to the 'inc/mtdialogo.php', 'inc/ltdialogo.php', 'inc/login.php', or 'inc/logingecon.php' script with the 'pathCGX' parameter set to a malicious file. This allows the attacker to execute arbitrary code on the affected system.
Multiple memory corruption issues were found while fuzzing the ZIP file format. Some of these issues can be exploited for remote code execution as NT AUTHORITY\SYSTEM on systems with Kaspersky Antivirus.
The attached testcase was found by fuzzing DEX files, and results in a heap overflow with a wild memcpy. Note that Kaspersky catches exceptions and continues execution, so running into unmapped pages doesn't terminate the process; this should make exploitation quite realistic.
When Kaspersky HTTPS inspection is enabled, temporary certificates are created in %PROGRAMDATA% for validation. The naming pattern of these certificates is {CN}.cer. By creating a malicious certificate with a specially crafted Common Name (CN), an attacker can bypass certificate validation and potentially execute arbitrary code. The attacker can generate a certificate using OpenSSL and then start a server to serve the malicious certificate. When a Windows host with Kaspersky installed navigates to the server, Kaspersky will create a certificate with the specified name on the desktop, allowing the attacker to potentially execute code.
This module exploits a vulnerability found in Uptime versions 7.4.0 and 7.5.0. The vulnerability began as a classic arbitrary file upload vulnerability in post2file.php, which can be exploited by exploits/multi/http/uptime_file_upload_1.rb, but it was mitigated by the vendor. Although the mitigation in place prevents uptime_file_upload_1.rb from working, it can still be bypassed to gain privilege escalation, allowing the attacker to upload a file again and execute arbitrary commands.