This module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally defined proxy user accounts. Valid credentials for such an account are required. Command execution takes place in the context of the "nobody" account, but on the versions of EFW I tested this account had broad sudo permissions, including the right to run the script /usr/local/bin/chrootpasswd as root. That script changes the password of the system's Linux root account to the value it reads from console input once executed. The password of the proxy user account used will *not* be changed by this module, provided the target system is vulnerable to the exploit. Very early versions of Endian Firewall (e.g. 1.1 RC5) also require HTTP basic auth credentials to exploit this vulnerability; use the standard USERNAME and PASSWORD advanced options to supply them if required. Versions >= 3.0.0 still contain the vulnerable code, but it appears never to be executed because of a bug in the vulnerable CGI script which also prevents its normal use. Tested successfully against the following versions of EFW Community: 1.1 RC5, 2.0, 2.1, 2.5.1, 2.5.2. The Apache mod_cgi Bash Environment Variable Code Injection and Novell ZENworks Configuration Management Remote Execution modules were used as templates.
This vulnerability allows remote attackers to execute arbitrary code on the affected system. By manipulating the 'install_demo_name' parameter of the 'install/index.php' script, an attacker can overwrite the contents of the 'config_update.php' file, which leads to remote code execution and unauthorized access.
This exploit performs local file inclusion in NMDeluxe 1.0.1 through its vulnerable template handling. An attacker can read sensitive files from the server and potentially execute arbitrary code.
CNStats 2.9 is vulnerable to remote file inclusion. Through the 'who_r.php' and 'who_s.php' scripts, an attacker can include, and thereby execute, code hosted on a remote server.
NetArt Media Jobs Portal is prone to multiple HTML-injection vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.
A vulnerability has been reported in Microsoft Windows which can be exploited by remote attackers to compromise a vulnerable system. It is caused by a boundary error in the RPC interface that the DNS service exposes for remote management, and can be exploited to cause a stack-based buffer overflow via a specially crafted RPC request. The DnssrvQuery function is the one affected by this stack overflow.
There are two buffer overflows in the 'sox' and 'play' commands. The flaws reside in the st_wavstartread() function in 'wav.c', which reads data into a fixed-size buffer using a length taken from the WAV file itself, without checking that the declared amount of data fits in the buffer. A remote attacker can craft a WAV file that, when processed by the target user, executes arbitrary code on the target system with the privileges of the SoX process.
A cross-site scripting attack can be performed against ManageEngine AssetExplorer: if a 'publisher' name contains script, that script executes in the browser of a user who views it.
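The unchecked, length-prefixed read behind the SoX flaw above, shown as an added example that is not SoX's own code: a toy RIFF chunk reader written in the flawed style beside a bounds-checked version, both run against a constructed minimal WAV header and against the same header with a forged "fmt " chunk size. The 256-byte buffer, the function names and the sample bytes are assumptions for this illustration, not values from wav.c.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size destination buffer, the flawed pattern: the WAV header's own
   size field decides how much is copied into it. The capacity is an
   assumption for this example, not SoX's actual value. */
#define CHUNK_BUF 256

/* RIFF/WAV integers are little-endian; decode one byte by byte. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Read the 8-byte chunk header (4-char id, LE32 size) at offset off.
   Returns the declared size, or -1 if the header itself is truncated. */
static int64_t chunk_size_at(const uint8_t *file, size_t file_len, size_t off, char id[5]) {
    if (off > file_len || file_len - off < 8) return -1;
    memcpy(id, file + off, 4);
    id[4] = '\0';
    return (int64_t)le32(file + off + 4);
}

/* VULNERABLE: trusts the declared size. A size above CHUNK_BUF smashes the
   caller's buffer, and a size past end-of-file over-reads the source too.
   It is only ever called here on the benign sample. */
int read_chunk_unchecked(const uint8_t *file, size_t file_len, size_t off, uint8_t out[CHUNK_BUF]) {
    char id[5];
    int64_t size = chunk_size_at(file, file_len, off, id);
    if (size < 0) return -1;
    memcpy(out, file + off + 8, (size_t)size);   /* no check against CHUNK_BUF */
    return (int)size;
}

/* HARDENED: the declared size must fit both the destination (-2 otherwise)
   and the bytes actually remaining in the file (-3 otherwise). */
int read_chunk_checked(const uint8_t *file, size_t file_len, size_t off, uint8_t out[CHUNK_BUF]) {
    char id[5];
    int64_t size = chunk_size_at(file, file_len, off, id);
    if (size < 0) return -1;
    if ((uint64_t)size > CHUNK_BUF) return -2;
    if ((uint64_t)size > (uint64_t)(file_len - off - 8)) return -3;
    memcpy(out, file + off + 8, (size_t)size);
    return (int)size;
}

/* The first chunk after the 12-byte RIFF/WAVE header is "fmt "; these
   wrappers keep the destination on the stack, as in the original flaw. */
int fmt_chunk_checked(const uint8_t *file, size_t file_len) {
    uint8_t buf[CHUNK_BUF];
    return read_chunk_checked(file, file_len, 12, buf);
}
int fmt_chunk_unchecked(const uint8_t *file, size_t file_len) {
    uint8_t buf[CHUNK_BUF];
    return read_chunk_unchecked(file, file_len, 12, buf);
}

/* Constructed 44-byte WAV header: RIFF, 16-byte PCM "fmt " chunk, empty data. */
static const uint8_t benign_wav[44] = {
    'R','I','F','F', 36,0,0,0, 'W','A','V','E',
    'f','m','t',' ', 16,0,0,0,
    1,0, 1,0, 0x44,0xAC,0,0, 0x88,0x58,1,0, 2,0, 16,0,
    'd','a','t','a', 0,0,0,0
};

/* Same header with the "fmt " size forged to 4096, far past the 256-byte buffer. */
static const uint8_t evil_wav[44] = {
    'R','I','F','F', 36,0,0,0, 'W','A','V','E',
    'f','m','t',' ', 0x00,0x10,0,0,
    1,0, 1,0, 0x44,0xAC,0,0, 0x88,0x58,1,0, 2,0, 16,0,
    'd','a','t','a', 0,0,0,0
};

int main(void) {
    printf("benign, unchecked:  %d\n", fmt_chunk_unchecked(benign_wav, sizeof benign_wav)); /* 16 */
    printf("benign, checked:    %d\n", fmt_chunk_checked(benign_wav, sizeof benign_wav));   /* 16 */
    printf("forged, checked:    %d\n", fmt_chunk_checked(evil_wav, sizeof evil_wav));       /* -2 */
    printf("truncated, checked: %d\n", fmt_chunk_checked(benign_wav, 30));                  /* -3 */
    /* fmt_chunk_unchecked(evil_wav, ...) would memcpy 4096 bytes over a 256-byte stack buffer. */
    return 0;
}
```

The two checks in read_chunk_checked are independent: the first protects the destination buffer (the SoX overflow), the second protects against a truncated file whose declared chunk size exceeds what was actually read, which is the same trust-the-header mistake in the other direction.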
This is a remote SQL injection exploit for Papoo version <= 3.02. It allows an attacker to inject SQL into queries run against the Papoo database.
This proof of concept (PoC) demonstrates a crash in Safari 8.0.X on OS X Yosemite 10.10.3: navigating Safari to a specific IP address and port causes the application to crash.