This exploit triggers a heap use-after-free in the JavaScriptCore (JSC) engine. Executing specially crafted JavaScript causes a crash and can potentially lead to arbitrary code execution.
This PoC gains arbitrary command execution as root by overwriting /etc/crontab (cron runs each entry in that file as the user named in its sixth field). After successful exploitation /etc/crontab contains the following line, which runs every minute:

* * * * * root touch /tmp/pwned

Note that overwriting the file discards any entries it previously held; the appearance of /tmp/pwned within a minute confirms the write succeeded.
The vulnerability is in includes/search.php of the PHP Arena web application: the script concatenates user input ($_POST['categories']) directly into an SQL query without sanitization or parameterization. An attacker can use this to execute arbitrary SQL and retrieve sensitive information from the database.
SQL injection in the cat_id parameter of directory.php (among other parameters). It can be used to retrieve the e-mail addresses and passwords of users who have posted URLs in the directory.
Pulls the admin password out of the database.
The Spiceworks TFTP server distributed with Spiceworks Inventory 7.5 exposes the Spiceworks 'dataconfigurations' directory to any client that can reach UDP port 69, because TFTP carries no authentication at all. Remote attackers can overwrite files in the configurations directory if the target file name is known or guessed, and can upload arbitrary files into 'dataconfigurations'. This can escalate to remote code execution if, for example, an executable (EXE, BAT) is dropped there and later opened and run by an unsuspecting Spiceworks user. Since there is no authentication to turn on, the practical mitigations are to restrict UDP/69 to trusted hosts with a firewall or to disable the TFTP service when it is not needed.
GeoMoose 2.9.2 and earlier allow local file disclosure. By manipulating the 'id' and 'ext' parameters of '/php/download.php', an attacker can traverse directories and read sensitive files such as '/etc/passwd' or '/WINDOWS/system32/drivers/etc/hosts'.
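The pattern behind that download flaw, shown as an added Python example that is not GeoMoose's own code: a handler builds a file path from the request's 'id' and 'ext' parameters (those two names come from the advisory; the export directory layout, the extension whitelist, the 'secret' stand-in file and all function names are assumptions for illustration), and a hardened resolver beside it that constrains both parameters and verifies the resolved path stays inside the export directory.

```python
"""Added example (not GeoMoose code): path built from untrusted 'id'/'ext'
parameters, and a hardened version of the same lookup."""
import os
import re
import tempfile

# Assumed whitelist of export formats the download endpoint may serve.
ALLOWED_EXT = {"csv", "kml", "zip"}


def download_vulnerable(base_dir, id_param, ext_param):
    """Flawed pattern: path assembled from raw request parameters and opened
    without checking that it still lies inside base_dir, so id='../secret',
    ext='txt' reads a file one level above the export directory."""
    path = os.path.join(base_dir, id_param + "." + ext_param)
    with open(path, "rb") as fh:
        return fh.read()


def is_inside(base_dir, path):
    """True when the canonical form of path is base_dir or a descendant of it.
    realpath() also collapses symlinks, so a link pointing outside is caught."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(path)
    return os.path.commonpath([base, target]) == base


def resolve_download(base_dir, id_param, ext_param):
    """Hardened lookup: whitelist the extension, restrict id to a plain token,
    and as defence in depth confirm the resolved path stays under base_dir."""
    if ext_param not in ALLOWED_EXT:
        raise ValueError("extension not allowed")
    if not re.fullmatch(r"[A-Za-z0-9_-]+", id_param):
        raise ValueError("id must be a simple token")
    path = os.path.join(base_dir, id_param + "." + ext_param)
    if not is_inside(base_dir, path):
        raise ValueError("path escapes the export directory")
    return path


def download_safe(base_dir, id_param, ext_param):
    with open(resolve_download(base_dir, id_param, ext_param), "rb") as fh:
        return fh.read()


def build_fixture():
    """Constructed directory tree: an export directory holding one legitimate
    file, plus a 'secret.txt' one level above it standing in for /etc/passwd."""
    root = tempfile.mkdtemp(prefix="download-demo-")
    exports = os.path.join(root, "exports")
    os.mkdir(exports)
    with open(os.path.join(exports, "report.csv"), "w") as fh:
        fh.write("id,name\n1,demo\n")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("root:x:0:0:root:/root:/bin/sh\n")
    return exports


def demo():
    """Run both handlers against the fixture and report what each returned."""
    exports = build_fixture()
    result = {
        "legit": download_vulnerable(exports, "report", "csv"),
        "leaked": download_vulnerable(exports, "../secret", "txt"),
        "safe_legit": download_safe(exports, "report", "csv"),
    }
    try:
        download_safe(exports, "../secret", "txt")
        result["blocked"] = False
    except ValueError:
        result["blocked"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The token check on 'id' rejects the traversal before any filesystem access; the is_inside() check is kept anyway because a symlink inside the export directory, or a later refactor that relaxes the regex, would otherwise reopen the hole.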
A CSRF vulnerability in the D-Link DIR-615 wireless router lets an attacker who can lure a logged-in administrator to a malicious page perform unwanted actions on the router, which may lead to full control of the device.
CMScout <= 1.23 is vulnerable to SQL injection through the 'page' parameter of index.php. An attacker can inject SQL into this parameter to retrieve sensitive information from the database, such as usernames and passwords.
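The concatenation bug shared by the PHP Arena search.php, directory.php cat_id and CMScout page entries above, shown as an added Python/SQLite example that is not any of those projects' code: one numeric and one string parameter glued into a query, UNION payloads that pull usernames and passwords out through each, and the parameterized versions that defeat them. Table names, rows and payloads are constructed for illustration.

```python
"""Added example (not from PHP Arena, the directory script or CMScout):
string-concatenated SQL versus parameterized queries, on an in-memory SQLite DB."""
import re
import sqlite3

# Payloads: the numeric one needs no quote to break out; the string one closes
# the quote, appends a UNION and comments out the trailing quote with '--'.
CAT_ID_PAYLOAD = "1 UNION SELECT username || ':' || password FROM users"
PAGE_PAYLOAD = "x' UNION SELECT username || ':' || password FROM users -- "


def make_db():
    """Constructed sample schema and rows (not real application data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        CREATE TABLE directory (id INTEGER PRIMARY KEY, cat_id INTEGER, url TEXT);
        CREATE TABLE pages (id INTEGER PRIMARY KEY, name TEXT, body TEXT);
        INSERT INTO users VALUES (1, 'admin', 's3cret'), (2, 'bob', 'hunter2');
        INSERT INTO directory VALUES (1, 1, 'http://a.example'),
                                     (2, 1, 'http://b.example'),
                                     (3, 2, 'http://c.example');
        INSERT INTO pages VALUES (1, 'home', 'Welcome'), (2, 'about', 'About us');
        """
    )
    return conn


def list_urls_vulnerable(conn, cat_id):
    """Numeric parameter concatenated into the query, as with directory.php?cat_id=."""
    sql = "SELECT url FROM directory WHERE cat_id = " + cat_id
    return [row[0] for row in conn.execute(sql)]


def get_page_vulnerable(conn, page):
    """String parameter concatenated into a quoted literal, as with index.php?page=."""
    sql = "SELECT body FROM pages WHERE name = '" + page + "'"
    return [row[0] for row in conn.execute(sql)]


def is_valid_cat_id(cat_id):
    """ASCII digits only; str.isdigit() would also accept Unicode digit characters."""
    return re.fullmatch(r"[0-9]+", cat_id) is not None


def list_urls_safe(conn, cat_id):
    """Validate the type, then bind the value; the driver never sees it as SQL."""
    if not is_valid_cat_id(cat_id):
        raise ValueError("cat_id must be a non-negative integer")
    rows = conn.execute("SELECT url FROM directory WHERE cat_id = ?", (int(cat_id),))
    return [row[0] for row in rows]


def get_page_safe(conn, page):
    """Bound string parameter: quotes and comment markers stay inert data."""
    rows = conn.execute("SELECT body FROM pages WHERE name = ?", (page,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable cat_id:", list_urls_vulnerable(db, CAT_ID_PAYLOAD))
    print("vulnerable page:  ", get_page_vulnerable(db, PAGE_PAYLOAD))
    print("safe page:        ", get_page_safe(db, PAGE_PAYLOAD))
```

The numeric case is the one developers most often miss: no quote is needed, so escaping functions meant for strings do nothing, and the only reliable fixes are a type check plus a bound parameter.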
This exploit targets the glob() function in PHP 5.2.3. Passing a non-integer value as the 'flags' parameter triggers an EIP (Extended Instruction Pointer) overwrite, resulting in a denial of service. The exploit overwrites EIP with the first 4 bytes of a filename: by saving the script under a chosen name and launching it, the attacker controls EIP. This vulnerability was discovered by 'shinnai' with the help of 'Footzo'.