This module exploits a vulnerability in the WatchGuard XCS 'FixCorruptMail' script, which is called by root's crontab and can be abused to run a command as root within 3 minutes.
Vtiger CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file.
The YaPIG 0.95b portal is vulnerable to remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target server.
PHPmyGallery is prone to multiple cross-site scripting vulnerabilities and a local file-disclosure vulnerability because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information from local files on computers running the vulnerable application. This may aid in further attacks.
The WinRar SFX OLE Command Execution vulnerability allows an attacker to execute arbitrary commands on a Windows system by creating a specially crafted SFX archive. By tricking a user into opening the archive, the attacker can run arbitrary code with the same privileges as the user.
The PowerVR SGX driver in Android is prone to an information-disclosure vulnerability. Successful exploits allow an attacker to gain access to sensitive information. Information obtained may aid in further attacks.
The PStruh-CZ portal is prone to a remote file disclosure vulnerability. By manipulating the 'File' parameter in the 'download.asp' script, an attacker can disclose sensitive files on the server. In the provided example, an attacker can download the '/etc/passwd' file.
This exploit affects ExcelViewer.ocx version 3.1.0.6. It allows an attacker to cause a denial of service through multiple methods, including DoOleCommand, FTPDownloadFile, FTPUploadFile, HttpUploadFile, Save, and SaveWebFile. All software that uses this OCX is vulnerable to these exploits.
A problem in dealing with oversized passwords. Once the DoS has been sent, the victim's psybnc process slowly begins to eat up CPU. psybnc also holds the connection in TIME_WAIT, further denying access to the bnc. If you try to exploit the server more times than it allows connections in force mode, the result will be a Broken Pipe; in standard mode it will tell you the server is not vuln.
This vulnerability allows a local attacker to execute arbitrary code with escalated privileges. The vulnerability is caused by a buffer overflow in Symantec Encryption Desktop.