This exploit allows an unauthenticated attacker to execute code remotely in DiskBoss versions up to 8.8.16. The vulnerability is present in the software editions free8416, pro8416, ult8416, srv8416, ent8416, ent8512, free8816, pro8816, ult8816, srv8816, and ent8816. The exploit has been tested on Windows 7 SP1 x64 and Windows XP SP3 x86. The CVE associated with this vulnerability is CVE-2018-5262.
Muviko 1.1 is vulnerable to multiple SQL Injection attacks. The login.php form parameter 'email', the load_season.php form parameter 'season_id', and the get_raring.php parameter 'movie_id' are all susceptible to SQL Injection.
This module exploits multiple vulnerabilities in Synology PhotoStation. When combined, these issues can be leveraged to gain a remote root shell.
This module exploits a command injection vulnerability discovered in Commvault Service v11 SP5 and earlier versions (tested in v11 SP5 and v10). The vulnerability exists in the cvd.exe service and allows an attacker to execute arbitrary commands in the context of the service. By default, the Commvault Communications service installs and runs as SYSTEM in Windows and does not require authentication. This vulnerability was discovered in the Windows version. The Linux version wasn't tested.
This is a Perl script that opens a new connection and sends and receives commands using the DNP3 protocol. It reads command-line arguments to configure the host, port, and timeout. The script uses the IO::Socket::INET module to handle the network communication. The 'Send' command sends a specific data payload to the connected host, and the 'Receive' command waits for a response and prints it. The script closes the connection after executing all commands.
The local print spooler can be abused to create an arbitrary file from a low privilege application, leading to EoP. When creating an XPS print job, it's possible to specify the destination file in the DOC_INFO_1 structure passed to StartDocPrinter. The spooler service impersonates the caller and ensures they can write to the target. It then deletes the file it created under impersonation and raises the IL of the caller's token. This allows writing to any user-controlled location.
The MemoryIntArray class in Android allows for a race condition where an attacker can alter the size of the shared memory region between the first size retrieval and the mapping operation. This can lead to potential security vulnerabilities in the affected system.
This vulnerability allows unauthenticated users to upload arbitrary files to the WordPress LearnDash plugin. The plugin does not check if the user is authenticated or allowed to upload files, resulting in unauthorized file uploads.
This exploit targets a remote SQL injection vulnerability in phpBB version 2.0.22 with Links MOD version 1.2.2. By manipulating the 'search_keywords' parameter in the 'links.php' script, an attacker can execute arbitrary SQL queries on the underlying database and retrieve sensitive information such as usernames and hashed passwords.
The nvcoaft51.sys driver receives a pointer to a KEVENT struct as a parameter in some IOCTLs and calls KeSetEvent on it without any prior check. The device created by the driver (NvcOa) can be opened by any user. As a result, a user can send an IOCTL with a fake KEVENT struct and end up executing code at ring 0.