F*EX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible.
This vulnerability allows an attacker to include remote files in the MyBlog PHP and MySQL Blog/CMS software. The exploit can be triggered by manipulating the 'scoreid' parameter in the 'games.php' script.
Another .Ani bug that freezes Explorer if you open a folder that contains a crafted file.
Exploit gives a reverse shell to lhost:lport
This exploit takes advantage of a local file inclusion vulnerability in the PHP-Nuke Module eBoard 1.0.7. By manipulating the GLOBALS[name] parameter, an attacker can include arbitrary files from the target system.
This is a SEH (Structured Exception Handling) exploit that allows an attacker to gain control of the execution flow of a program by exploiting a vulnerability in the exception handling mechanism. The exploit uses a ROP (Return-Oriented Programming) chain to bypass DEP (Data Execution Prevention) and execute a shellcode that spawns the calculator (calc.exe) on a Windows 7 Ultimate x64 system. The exploit was originally published on Exploit-DB (ID: 36465) by TUNISIAN CYBER and modified by ThreatActor at CoreRed.com (ID: 36826).
ZYXEL Embedded Software does not check Cookies And Credentials on POST method so attackers could changes settings and view pages with post method. Sending empty Post to admin pages will crash internal web server and router needs to hard reset.
This exploit takes advantage of a file upload vulnerability found in Wolf CMS 0.8.2, and possibly prior versions. Attackers can abuse the upload feature to upload a malicious PHP file into the application with an authenticated user, resulting in arbitrary remote code execution. The vulnerability is found in the File Manager Function, which provides interfaces to manage files from the administration. There are no restrictions regarding the type of files allowed for uploading, allowing an attacker to upload a PHP shell file with malicious code and gain full control of the victim server. The uploaded file can also be moved to the root directory, making it accessible through the Internet.
The CFChart servlet of BlueDragon (component com.naryx.tagfusion.cfm.cfchartServlet) is vulnerable to arbitrary file retrieval due to a directory traversal vulnerability. In certain circumstances, the retrieved file is also deleted. An attacker can retrieve files from the server by using a specific URL and intercepting the server's response.
This module exploits an arbitrary PHP code upload in the WordPress Creative Contact Form version 0.9.7. The vulnerability allows for arbitrary file upload and remote code execution.