This module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The 'shell' file on the web interface executes arbitrary operating system commands supplied in the query string. This module was tested successfully on an MVPower model TV-7104HE with firmware version 1.8.4 115215B9 (Build 2014/11/17). The TV-7108HE model is also reportedly affected, but untested.
This exploit allows an attacker to perform SQL injection in the 'order' parameter of the 'viewforum.php' file in PNphpBB2 version 1.2i and below. The attacker can inject a subquery to retrieve the user_password hash from the pn_phpb table.
A trivially exploitable stack overflow vulnerability in ESRI ArcSDE 9.0 - 9.2sp1 allows remote attackers to send a crafted request that triggers a buffer overflow, resulting in a denial of service or potentially the execution of arbitrary code.
The second argument of window.open is a name for the new window. If there's a frame that has the same name, it will try to load the URL in that frame. If not, it just tries to create a new pop-up window. But without the user's click event, that attempt will fail.
This exploit takes advantage of a vulnerability in the MyCMS admin files, allowing an attacker to execute remote commands on the target server. The vulnerability is caused by a bypassable function that checks for an admin cookie. By putting PHP code in the settings.inc file, which is required in many pages, an attacker can create a shell on the victim site.
The vulnerability is located in the high-scores management files of the game in MyCMS. The code allows for arbitrary code execution by including a file based on user input. This exploit creates a shell on the victim's site. The vulnerability can be exploited by setting the scoreid parameter in the games.php file.
This exploit takes advantage of a remote buffer overflow vulnerability in DiskSavvy Enterprise version 9.4.18. It uses a SEH overwrite technique with WoW64 egghunters to gain remote code execution. The exploit is specifically designed for 64-bit operating systems. It includes a modified version of the original Win7 egghunter and a Win10 WoW64 egghunter. If a WoW64 egghunter is needed for other Windows versions, the author can be contacted through their website.
This exploit targets a buffer overflow vulnerability in the "SaveBMP()" method of AXIS Camera Control (AxisCamControl.ocx v. 1.0.2.15). The vulnerability allows an attacker to execute arbitrary code on vulnerable systems.
EasyCom PHP API suffers from multiple buffer overflow entry points, which can result in arbitrary code execution on the affected system.
This module exploits object injection, authentication bypass, and IP spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing an authentication bypass issue on gauge.php, adversaries can exploit an object injection vulnerability that leads to an SQL injection attack, which leaks an administrator session token. Attackers can create a rogue action and policy that enables them to execute operating system commands using the captured session token. As a final step, an SSH login attempt with invalid credentials can trigger the created rogue policy, which in turn triggers an action that executes an operating system command with root user privileges. This module was tested against the following products and versions: AlienVault USM 5.3.0, 5.2.5, 5.0.0, 4.15.11, 4.5.0; AlienVault OSSIM 5.0.0, 4.6.1.