This exploit performs a remote code execution attack against a target system whose RDP protocol implementation is vulnerable. It takes advantage of a flaw in that RDP implementation to execute arbitrary code on the target system, which can be used to gain unauthorized access to the system or to launch further attacks.
This module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required; however, by default Oracle ships with an "oats" account that you could log in with, which grants administrator access.
This vulnerability allows an attacker to disclose arbitrary files on the server. By exploiting the '/ezcontents1_4x/index.php?link=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd' URL, an attacker can access sensitive files such as the '/etc/passwd' file.
During a bailout, IonMonkey can leak an internal JS_OPTIMIZED_OUT magic value to the running script, which can be used to achieve memory corruption.
A crafted file name for an uploaded document leads to stored XSS. The file name starts with a double quotation mark and can contain malicious JavaScript code.
SineCMS version 2.3.4 and below is vulnerable to SQL injection in the Calendar module. An attacker can exploit this vulnerability by sending a specially crafted request to the mods.php file, allowing them to retrieve sensitive information from the database. There are also other SQL injection vulnerabilities in the admin panel.
Demonstrates taking an arbitrary write primitive with no info leak, and using it to get all the way to RCE using no shellcode. Uses CVE-2019-0768 to get VBScript to run on IE/Win10.
This Perl script allows an attacker to launch a remote denial of service attack on a target system using the KiF ~ Kiph vulnerability. The script sends a series of INVITE SIP requests to the target IP address, causing the system to become overwhelmed and unresponsive. The script uses random values for the Call-ID and CSeq fields to bypass any security measures in place. If the target system responds with a 100 message, the script continues to send requests. If the target system responds with a 486 message, indicating that it is busy, the script sends an ACK request to finalize the attack. This vulnerability can be exploited by an attacker with knowledge of the target's IP address and user information.
The vulnerability allows an attacker to import a .job file into the task scheduler on Windows 10, which results in a call to the '_SchRpcRegisterTask' RPC function. The function 'tsched::SetJobFileSecurityByName' in the task scheduler service impersonates itself (NT AUTHORITY\SYSTEM) and calls 'SetSecurityInfo' on a task it created in c:\windows\system32\tasks. This can be abused to modify the permissions of the task and potentially gain elevated privileges.
The vulnerability allows an attacker to write an arbitrary discretionary access control list (DACL) on the Windows Error Reporting service. By manipulating the timing of the WER reporting queue task, an attacker can replace a file with a hardlink and gain control over the DACL. The exploit requires precise timing, and its reliability may vary across different hardware setups.