This module exploits a command execution vulnerability in PHP-Fusion 9.03.00 and prior versions. Commands can be executed on the system with ordinary user authority; no admin privilege is needed. The avatar upload section in the profile edit area has almost no validation: the only check is a client-side one implemented in JavaScript (a simple pre-check). If this check is ignored, the desired file can be sent to the server via an intercepting proxy. The module opens a Meterpreter session for you by bypassing the controls.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
This exploit causes a Denial of Service (DoS) in RealPlayer 11. The exploit is written in Python and creates a file named test.au that, when opened with RealPlayer 11, triggers the DoS vulnerability.
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN printer via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. An attacker can inject arbitrary HTML code into the affected parameter, potentially leading to code execution or information disclosure.
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
The Windows Media Player crashes when opening the kr.aiff file. This crash can also occur in other media players. The exploit triggers a divide by zero exception.
An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host.
This exploit takes advantage of a use-after-free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling ArrayBuffer reference can be used to access the sprayed objects, allowing arbitrary memory access from JavaScript. This is used to write and execute shellcode in a WebAssembly object. The shellcode is executed within the Chrome sandbox, so you must explicitly disable the sandbox for the payload to be successful.
The FTP Admin v0.1.0 web-based user administration tool is affected by multiple vulnerabilities, including XSS, Local File Inclusion, and Admin Bypass. The XSS vulnerability allows an attacker to inject arbitrary HTML or script code into the error parameter of the index.php page. The Local File Inclusion vulnerability allows an attacker to include arbitrary local files by manipulating the page parameter of the index.php page. The Admin Bypass vulnerability allows an attacker to bypass authentication by manipulating the loggedin parameter of the index.php page.
The vulnerability allows an attacker to disclose files from the target system by manipulating the 'sFilePath' parameter in the 'file_download.php' script. By traversing the directory structure with '../', an attacker can access sensitive files such as '/etc/passwd'.