The Fastpublish CMS 1.9999 is vulnerable to remote file inclusion. The vulnerability is present in the designconfig.php file at line 25, where the fsBase parameter is not properly validated before being included in the code. An attacker can exploit this vulnerability by supplying a malicious URL in the fsBase parameter, leading to remote file inclusion.
This exploit is a stack-based overflow in HP OpenView Network Node Manager. It has been tested on NNM Release B.07.50 on Windows 2000 server SP4. The exploit code sends an evil buffer to the NNM CGI and hijacks the entry point to inject sleep before execution, allowing for debugging. The payload is sent to the target, resulting in a shell being opened on port 4444.
The Linux fair scheduler on NUMA systems has a use-after-free vulnerability in task_struct::numa_faults and task_struct::numa_group. The show_numa_stats() function, which is accessible through /proc/$pid/sched, reads data from ->numa_faults after it has been freed, resulting in a use-after-free read and potential information disclosure to userspace.
This module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 release, and in July 2018, reintroducing the backdoor in releases 1.900 through 1.920. Only version 1.890 is exploitable in the default install. Later affected versions require the expired password changing feature to be enabled.
This module bypasses the user password requirement in the OpManager v12.4.034 and prior versions. It performs authentication bypass and executes commands on the server. This 0day has been published at DEFCON-AppSec Village.
This module exploits SQL injection and command injection vulnerabilities in ME Application Manager v14.2 and prior versions. It creates a new admin user via SQLi (MSSQL/PostgreSQL) and provides privilege escalation. It uploads a malicious file using the "Execute Program Action(s)" feature of Application Manager.
This module exploits SQL injection and command injection vulnerabilities in OpManager v12.4.034 and prior versions. The module creates a new admin user via SQLi (MSSQL/PostgreSQL) and provides privilege escalation, so a low-privilege user can gain 'system' authority on the server. It uploads a malicious file using the 'Execute Program Action(s)' feature of the Application Manager Plugin. This 0day has been published at DEFCON-AppSec Village.
A security vulnerability in Cisco ASA allows an attacker to view sensitive system information without authentication by using directory traversal techniques.
The search function provided within WordPress fails to sanitize input based on different character sets, making it exploitable using charset-based SQL injection. Known exploitable character sets include Big5 and GBK.
This module exploits a command injection vulnerability in Apache Tika 1.15 - 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic bytes checking. When OCR is specified in the request, request parameters can be used to alter the parameters passed on the command line, allowing arbitrary JScript to execute. A JScript stub is passed to execute arbitrary code. This module was verified against versions 1.15 - 1.17 on Windows 2012. While the CVE and finding list more versions as vulnerable, during testing it was determined that only versions > 1.14 were exploitable, because jp2 support was added in that release.