This exploit allows an attacker to perform a remote blind SQL injection attack on Vivvo CMS version 3.4 and below. The exploit takes advantage of a vulnerability in the index.php file of the CMS. The attacker can write the target after submitting the click.
A vulnerability has been discovered in Flyspray, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'real_name' parameter to '/index.php?do=myprofile' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. The script is executed on the parameter page and on any page that allows the user to put a comment. This XSS vector allows executing scripts to gather the CSRF token and submit a form to create a new admin.
This is a quick and messy Proof of Concept (PoC) exploit for the SquirrelMail webmail application. It contains payloads for two vectors: File Write and Remote Code Execution (RCE). It requires user credentials and that SquirrelMail uses the Sendmail method as its email delivery transport.
The exploit allows an attacker to pull out admin/members information by executing SQL injection queries.
This exploit allows an unprivileged userspace process to escalate into the VirtualBox process, compromising the host kernel. It takes advantage of the loading of arbitrary shared libraries via dlopen() in the libasound library, which is loaded by the privileged VM host process for VMs with ALSA audio.
There is a vulnerability in VirtualBox that permits an attacker with root privileges in a virtual machine with a NAT network interface to corrupt the memory of the userspace host process and leak memory contents from the userspace host process. This probably permits an attacker with root privileges inside the guest to execute arbitrary code in userspace context on the host.
The exploit overwrites the system.ini file. It is advised to make a copy of the file before running the exploit to avoid any damage. The control is marked as RegKey Safe for Script: True, RegKey Safe for Init: True, Implements IObjectSafety: False, KillBitSet: False.
The BadBlue v2.52 Web Server is vulnerable to a Denial of Service (DoS) attack when multiple connections are made from the same host. The server becomes unresponsive until the connections stop.
Buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.
This module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a 'limited' user:user login given to all customers and an admin mode. The limited mode is used here to expose the router's telnet port to the outside world through NAT port-forwarding. With telnet now remotely accessible, the router's limited 'ATP command line tool' (served over telnet) can be upgraded to a root shell through an injection into the ATP's hidden 'ping' command.