This module uses information disclosure to determine if MS17-010 has been patched or not. It connects to the IPC$ tree and attempts a transaction on FID 0. If the status returned is "STATUS_INSUFF_SERVER_RESOURCES", the machine does not have the MS17-010 patch. This module does not require valid SMB credentials in default server configurations. It can log on as the user "" and connect to IPC$.
Mantis account verification page 'verify.php' allows resetting ANY user's password. Remote unauthenticated attackers can send HTTP GET requests to hijack ANY Mantis account by guessing the ID / username.
Pull out admin user/pass from the database
This module will crash the WinSCP FTP client.
If a user does not specify a 'canonical' URL on installation of concrete5, unauthenticated remote attackers can write to the 'collectionversionblocksoutputcache' table of the MySQL database by making an HTTP GET request with a poisoned HOST header. Some affected concrete5 web pages can then potentially render arbitrary links that point to a malicious website.
This exploit targets a vulnerability in Flash FLV version 9.0.45.0. It allows an attacker to execute arbitrary code on the target system.
The win32k!NtGdiGetDIBitsInternal system call in Windows has a double-fetch vulnerability. This can potentially lead to kernel pool memory disclosure or denial of service. The vulnerability occurs when the BITMAPINFOHEADER structure is accessed multiple times, specifically its .biSize field. By manipulating the user-controlled 'bmi' buffer, an attacker can exploit this to corrupt memory or cause a denial of service. However, the exploit is mostly harmless due to various checks in place that prevent major consequences.
The vulnerability allows an attacker to extract admin email/passwords by exploiting a SQL Injection vulnerability in the 'referralUrl.php' script. By using a UNION-based SQL injection, an attacker can retrieve the email and password of the admin from the 'StatAdmin' table.
The provided PoC triggers a heap buffer overflow vulnerability in Safari 10.0.3 (12602.4.8). By repeatedly refreshing the page, the exploit crashes the browser.
The PoC code creates an iframe and appends it to the body. It then attempts to adopt the iframe using `adoptNode` from another iframe's content document. This triggers a use-after-free vulnerability, leading to a heap-use-after-free error. The vulnerability can potentially be used to achieve UXSS (Universal Cross-Site Scripting) in WebKit.