This module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell.
This exploit targets a vulnerability in the pppd plugin loading mechanism in Mac OS X version 10.4.8 and below. It allows an attacker to escalate their privileges on the system.
This is a remote buffer overflow exploit targeting the Dart Communications PowerTCP ZIP Compression Control (DartZip.dll 1.8.5.3) in IE 6 on Windows XP SP2. The exploit allows an attacker to add a user 'sun' with the password 'tzu'. The shellcode used is a Metasploit one.
This exploit allows an attacker to perform arbitrary unserialize and arbitrary write file operations in Magento versions below 2.0.6. By exploiting a vulnerability in the Magento framework, an attacker can execute arbitrary code and potentially take control of the system.
The vulnerability allows remote attackers to execute arbitrary files by including a remote file in the vulnerable application.
The 'net' HTTP form POST parameter to the dns.php script is not checked or sanitized and is used directly in a MySQL query, allowing an attacker to exfiltrate any data from the backend database through SQL injection.
This exploit allows local privilege escalation on Microsoft Windows 7-10 and Server 2008-2012. It does not rely on powershell.exe and can run in security-restricted environments with GPO, SRP, and AppLocker.
The Trend Micro Antivirus CoreServiceShell.exe includes an HTTP daemon with multiple vulnerabilities. The daemon allows path traversal in the /loadhelp/ and /wtp/ endpoints, has header injection bugs, and has an XSS vulnerability in the loader.html file. These vulnerabilities can be combined to remotely access files as SYSTEM on a Trend Micro machine.
Microsoft Windows Media Center (all versions prior to May 11th, 2016) contains a remote code execution vulnerability triggered when processing specially crafted .MCL files. The vulnerability exists because Windows Media Center does not correctly process paths in the "Run" parameter of the "Application" tag, bypassing the usual security warning displayed upon trying to run programs residing on remote (WebDAV/SMB) shares. In order to bypass the Windows Media Center security warning, an attacker only needs to write the prefix "file://" before the actual remote location. For example: file:///\\192.168.10.10\share\app.exe. However, Windows will still display an "Open File" security warning for files placed in remote locations (Internet Security Zone of IE), which can also be bypassed using a special "Control Panel Shortcut" that points to a remote DLL/CPL file. Upon pointing to a shortcut located in a remote share, it is possible to run arbitrary code in the context of the currently logged-on user. Note: On 64-bit Windows OSes, a 64-bit DLL should be provided, but 32-bit DLL files should work as well. A PoC MCL file is provided, which points to a default Windows share, to retrieve a special "Control Panel Shortcut" that runs a CPL file from the same location (\\127.0.0.1\c$\programdata\cpl.lnk). Notice that although the address points to the "Localhost", Windows treats it the same way as any other IP-based location, placing it in the context of the IE "Internet Security Zone" (default for non-local places). The PoC CPL file only runs "cmd.exe /c calc" for demonstration purposes. Another important note is that after this Micr
This exploit allows an attacker to retrieve the admin username and hash from the Dokeos <= 1.6.5 system. The vulnerability exists in the courseLog.php file, where an SQL query is executed without proper input validation.