Explore all Exploits:

XT-Conteudo (XOOPS Module) Remote File Inclusion Vulnerability

This vulnerability allows an attacker to include remote files in the XT-Conteudo module for XOOPS CMS. The vulnerable code is located in the 'spaw_control.class.php' file, where it includes the 'spaw_control.config.php', 'toolbars.class.php', and 'lang.class.php' files without proper validation. An attacker can exploit this by providing a malicious URL as the 'spaw_root' parameter, leading to remote file inclusion and potential code execution.

Overlayfs Privilege Escalation

This module attempts to exploit two different CVEs related to overlayfs.

CVE-2015-1328 (Ubuntu specific):
3.13.0-24 (14.04 default) < 3.13.0-55
3.16.0-25 (14.10 default) < 3.16.0-41
3.19.0-18 (15.04 default) < 3.19.0-21

CVE-2015-8660:
Ubuntu: 3.19.0-18 < 3.19.0-43, 4.2.0-18 < 4.2.0-23 (14.04.1, 15.10)
Fedora: < 4.2.8 (vulnerable, un-tested)
Red Hat: < 3.10.0-327 (rhel 6, vulnerable, un-tested)

FreeFloat FTP Server RENAME Command Buffer Overflow Exploit

FreeFloat FTP Server allows login as root without a username and password. This vulnerability allows an attacker to log in and send a long string of characters that overflows the buffer. Once the attacker knows the exact number of characters that overwrites the EIP register, they can take control of the application and send malicious code (a payload) to the location referenced by the ESP stack pointer, obtaining remote code execution on the system running the FTP server, in this case Windows XP.

My Little Forum 2.3.7 – Multiple Vulnerability

This web application suffers from multiple vulnerabilities. The first exploit is a CSRF (Cross-Site Request Forgery) where an attacker can add a page to the web app. The second exploit is a Stored XSS (Cross-Site Scripting) where an attacker can inject malicious scripts into the page. The third exploit is a Backup Disclosure vulnerability where an attacker can delete the htaccess file in the backup folder.

Sami FTP Server 2.0.2- SEH Overwrite, Buffer Overflow by n30m1nd

This exploit targets Sami FTP Server version 2.0.2 and leverages a SEH (Structured Exception Handling) overwrite vulnerability to execute arbitrary code. By sending a specially crafted request to the FTP server, an attacker can overwrite the SEH record and gain control of the program's execution flow, allowing them to execute their own shellcode. The exploit code provided in the script demonstrates how to achieve this.

FreeFloat FTP Server HOST Command Buffer Overflow Exploit

This exploit targets a buffer overflow vulnerability in the FreeFloat FTP Server. The vulnerability allows an attacker to execute arbitrary code by sending a specially crafted HOST command to the server. The exploit takes advantage of a return address overwrite in the HOST command buffer to redirect program execution flow to a shellcode payload. The shellcode payload used in this exploit is a reverse TCP shell from the Metasploit Framework. The exploit has been tested on Windows XP Professional SP3 x86.

MSODataSourceControl.DeleteRecordSourceIfUnused COM-object B0F POC

This exploit targets the MSODataSourceControl.DeleteRecordSourceIfUnused COM-object in Microsoft Office 2003. By passing a large string as an argument to the DeleteRecordSourceIfUnused method, a buffer overflow vulnerability can be triggered, potentially leading to remote code execution. This Proof of Concept (POC) script demonstrates the vulnerability.

Kernel Task Struct Pointer Vulnerability

The vulnerability occurs when a suid-root binary is executed and the kernel invalidates the old task and thread port structures, but the task struct itself remains the same. This allows an attacker to control the VM and threads of a euid 0 process by manipulating the task struct pointer.

Stack Buffer Overflow in escape handler for 0x10000e9

The escape handler for 0x10000e9 lacks bounds checks and passes a user-specified size as the size argument to memcpy, resulting in a stack buffer overflow. This vulnerability can potentially allow a malicious user to gain control of the affected machine.

Recent Exploits: