This module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. Credentials are needed to execute the upload successfully; trial accounts are enabled by default on Ahsay Backup, so an account can be created. The flaw can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw, all connected clients can be configured to execute a command before the backup starts, allowing an attacker to take over even more systems and make it rain shells! Setting CREATEACCOUNT to true will create a new account; this is enabled by default. If credentials are known, enter these and run the exploit.
This is a command injection exploit for the SquirrelMail G/PG deletekey() function. It allows an attacker to execute arbitrary commands on the target system.
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.
This exploit targets the Simple HTTPD 1.3 server by sending a specific GET request to the /aux endpoint, causing a denial of service condition. The vulnerability exists in the way the server handles this particular request, leading to a crash or unresponsiveness. The exploit utilizes a socket connection to send the malicious request to the target host and port. This vulnerability was discovered by shinnai and the details can be found on their website at http://shinnai.altervista.org.
The vulnerability in WebKit's support of the obsolete showModalDialog method allows an attacker to perform synchronous cross-origin page loads. This can lead to time-of-check-time-of-use (TOCTOU) bugs in the code responsible for enforcing the Same-Origin Policy, potentially resulting in UXSS (Universal Cross-Site Scripting) attacks. The original bug exploited a TOCTOU bug in SubframeLoader::requestFrame to achieve UXSS.
The Ovidentia CMS version 8.4.3 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by manipulating the 'id' parameter in the '/ovidentia/index.php?tg=delegat&idx=mem&id=1' path. This allows the attacker to execute arbitrary SQL queries and potentially gain unauthorized access to the database.
The AVSMJPEGFILE.DLL file version 1.1.1.102 is vulnerable to a remote buffer overflow. The vulnerability allows an attacker to execute arbitrary code on the target system by exploiting a flaw in Internet Explorer settings. The issue is triggered when the DLL attempts to write data to an invalid memory address, leading to an ACCESS_VIOLATION exception. This exploit has been tested on Windows XP Professional SP2 with all patches applied.
The vulnerability permits any kind of XSS attack: reflected, DOM and stored XSS.
Trend Micro Deep Discovery Inspector IDS can be easily bypassed by sending malicious commands encoded using percent/hex encoding like %77%67%65%74. This allows attackers to execute their payload without triggering any alerts or notifications.
The Hybrid Composer plugin allows unauthenticated users to update any option in the options database table. The plugin enables API routes by registering actions with either wp_ajax_ for authenticated calls or wp_ajax_nopriv_ for unauthenticated calls. Plugins using wp_ajax_nopriv_ actions should be fine as long as they do not give access to methods with critical functionality. index.php in the WPTF Hybrid Composer plugin prior to 1.4.7 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nopriv_ usage. Anyone can change the plugin's settings by simply sending a request with a hc_ajax_save_option action.