This exploit adds an account to the machine by appending a file using logrotate. It relies on logrotate for help and can be modified to work with cron daemons that are not too strict about the cron file format.
This vulnerability is in the authentication state and is located in the CMS management panel. There are two vulnerabilities: Vuln One and Vuln Two. Vuln One is in the URI `POST /ulicms/admin/index.php?action=languages`, in the parameter `name`. Vuln Two is in the URI `POST /ulicms/admin/index.php?action=pages_edit&page=23`, in the parameter `systemname`.
This exploit allows an attacker to bypass CVE-2019-0841 by deleting files and subfolders within a specific directory, causing Microsoft Edge to crash and then write the DACL while impersonating SYSTEM. The bug is not restricted to Edge and can potentially be triggered with other packages as well. It can be triggered silently, without Edge popping up, by launching Edge once and then minimizing or closing it. The exploit can be executed programmatically, using methods like SendInput.
The vulnerability allows an attacker to execute arbitrary SQL commands on the target system by injecting malicious SQL code into the 'id' parameter of the 'leggi_commenti.asp' page. By exploiting this vulnerability, an attacker can retrieve sensitive information from the database, such as passwords.
This module exploits untrusted serialized data processed by the WAS DMGR Server and Cells. NOTE: There is a required 2-minute timeout between attempts, as the neighbor being added must be reset.
When `Grow` is called on a `WebAssembly.Memory` object that's backed by a `SharedArrayBuffer`, it uses the buffer's backing store pointer to construct a new array buffer[1]. Calling `Detach` on shared buffers is prohibited by the spec, so the method just leaves the old one as it is. Thus two array buffers mi
This exploit takes advantage of a local buffer overflow vulnerability in DVDXPlayer 5.5 Pro. By sending a specially crafted payloadofficial.plf file, an attacker can trigger a buffer overflow and gain control of the SEH (Structured Exception Handling) chain. This allows the attacker to execute arbitrary code on the targeted system.
Multiple Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerabilities in SerWeb version 2.0.0 dev1 2007-02-20 allow attackers to include arbitrary files from remote servers or the local file system, which could lead to remote code execution or unauthorized access to sensitive information.
IceWarp version 10.4.4 is vulnerable to local file inclusion. An attacker can exploit this vulnerability by including local files and executing arbitrary code. This vulnerability has been assigned CVE-2019-12593.
The vulnerability allows an attacker to disclose arbitrary files on the server by exploiting a file path traversal issue in the 'resize.php' script of the PictPress WordPress plugin. By manipulating the 'size' and 'path' parameters in the URL, an attacker can traverse directories and read sensitive files, such as the '/etc/passwd' file.