The Virtual Vertex Muster web interface fails to properly sanitize user-supplied input, allowing an attacker to view arbitrary files within the context of the webserver. This can lead to information disclosure and potential further attacks.
This exploit allows an attacker to upload arbitrary files to the Reflex Gallery plugin in WordPress. By manipulating the Year and Month parameters in the GET request, the attacker can specify the folder location for the uploaded file. The vulnerable file is php.php, and the exploit involves uploading a file using a form with the specified parameters.
The exploit allows an attacker to upload arbitrary files to the target system using the vulnerable upload-file.php file. The exploit code is written in Perl and uses various modules such as Digest::MD5, MIME::Base64, IO::Socket, and LWP::UserAgent.
The configuration import file upload capability does not fully sanitize file names, which allows attackers to place executable files in the document root. In the PoC, a server-side (JSP) script with a shell-access function was uploaded in order to gain remote OS command execution. To access the vulnerable feature, a user has to be authenticated in the console. The feature is available to all users, including non-administrative ones. Shell commands are executed with default NPA privileges (arcsight), giving full control over the service (for instance, /etc/init.d/arcsight_logger stop has been successfully performed). The culprit feature is accessible to all authenticated users, including those with only the read-only admin role.
Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials. Other harvested information may aid in launching further attacks.
eSyndiCat Pro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This exploit crashes the kernel of a Windows system running Titan FTP Server 8.40, resulting in the 'blue screen of death'.
This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying to uncompress() a malformed byte stream. This module has been tested successfully on Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and 16.0.0.235.
This exploit targets the Windows Animated Cursor Handling vulnerability in fully patched Windows Vista. It allows for remote code execution and is considered the first real exploit of its kind on Vista. The exploit has been tested on various Windows versions, including Windows Vista Enterprise Version 6.0 (Build 6000) and Windows Vista Ultimate Version 6.0 (Build 6000) with default installations and UAC enabled. It may also work on other NT-based Windows versions, although further testing is needed. The exploit bypasses the eEye security ANI patch.
The HP Network Node Manager i is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.