This exploit allows an attacker to remotely trigger a buffer overflow vulnerability in the "USER" command of MailCarrier 2.51 POP3 server. By sending a specially crafted request to the server, an attacker can overwrite the EIP register and gain control of the execution flow, potentially allowing for remote code execution.
This module exploits a command execution vulnerability in CuteNews prior to 2.1.2. The attacker can infiltrate the server through the avatar upload process in the profile area. There is no effective check in the $imgsize function in "/core/modules/dashboard.php". The header content of the file can be changed, and the control can be bypassed. We can use the "GIF" header for this process. An ordinary user is enough to exploit the vulnerability; no admin user is needed. The module creates a file for you and allows RCE.
Remote Mouse 3.008 fails to check for authentication and will execute any command any machine gives it. This script pops calc as proof of concept (albeit a bit slowly). It also has an index of the keycodes the app uses to communicate with the computer if you want to mess around with it yourself.
This is a remote buffer overflow exploit in MailCarrier version 2.51. By sending a specially crafted 'RCPT TO' command, an attacker can overflow a buffer and potentially execute arbitrary code.
Multiple security vulnerabilities have been discovered in the popular server control panel DirectAdmin by InfinitumIT. Attackers can combine these vulnerabilities to perform many critical actions, such as taking over control of the server. These vulnerabilities (Cross-Site Scripting and Cross-Site Request Forgery) can lead to the following: adding an administrator, remote command execution (RCE), taking a full backup of the server and uploading it to the attacker's own server, webshell upload, and more.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to the processing of the ".contact" file's <c:Url> node param, which takes an expected website value; however, if an attacker references an executable file, it will run that without warning instead of performing the expected web navigation. This is dangerous and would be unexpected to an end user. Executable files can live in a sub-directory, so when the ".contact" website link is clicked it traverses directories towards the executable and runs it. Making matters worse, if the files are compressed and then downloaded, "mark of the web" (MOTW) may potentially not work as expected with certain archive utilities. The "." chars allow directory traversal to occur in order to run the attacker-supplied executable sitting unseen in the attacker's directory. This advisory is a duplicate of an issue that currently affects Windows .VCF files.
This module allows the user to run commands on the server with teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability. The '$IllegalExtensions' function is a weak and incomplete control. The illegal extensions can be seen in 'constants.inc.php': (exe|asp|php|php3|php5|cgi|bat...). However, the check does not account for letter case, so it can be bypassed with filenames such as '.phP' or '.Php'. Dangerous extensions such as 'shtml' and 'phtml' can also be used. The directory path for the 'content' folder is defined in 'config.inc.php'. For the exploit to work, the 'define ('AT_CONTENT_DIR', 'address')' content folder must be located in the web home directory or the address must be known. This exploit creates a course with the teacher user and uploads the malicious PHP file to the server.
The FTP Shell Server 6.83 'Account name to ban' feature is vulnerable to a buffer overflow attack. By providing a specially crafted account name, an attacker can trigger the overflow and execute arbitrary code. This exploit was created to demonstrate the vulnerability during intern training in 2019.
This exploit allows an attacker to execute arbitrary commands on the target system without authentication. It takes advantage of a vulnerability in Dell KACE Systems Management Appliance (K1000) version 6.4.120756 and earlier.
The wpQuiz 2.7 script is vulnerable to a remote SQL injection attack. The vulnerability can be exploited through the viewimage.php file by using a specially crafted SQL query. By injecting SQL code, an attacker can bypass authentication and retrieve sensitive information from the database, such as usernames and passwords.