Explore Vulnerabilities

Explore all Exploits:

elFinder PHP Connector exiftran Command Injection

This module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is not validated, allowing shell metacharacters. When performing image operations on JPEG files, the filename is passed to the `exiftran` utility without appropriate sanitization, causing shell commands in the file name to be executed, resulting in remote command injection as the web server user. The PHP connector is not enabled by default. The system must have `exiftran` installed and in `$PATH`. This module has been tested successfully on elFinder versions 2.1.47, 2.1.20 and 2.1.16 on Ubuntu.

Core FTP 2.0 build 653 – ‘PBSZ’ – Unauthenticated – Denial of Service (PoC)

CoreFTP 2.0 is vulnerable to a denial-of-service attack via the PBSZ command. An overly long argument to the PBSZ command crashes the server. This script triggers the DoS by overwriting ECX with the supplied buffer. Although NSEH/SEH is overwritten, the executable binary is SafeSEH protected and no other modules are referenced, so the proof of concept stops at a crash rather than code execution.

WorkingOnWeb 2.0.1400 Remote SQL Injection

The vulnerability allows an attacker to perform a SQL injection attack by manipulating the 'idevent' parameter of the 'events.php' page. By injecting SQL code, the attacker can retrieve sensitive information from the MySQL database, such as the usernames and password hashes stored in the 'mysql.user' table. The vulnerability is located in line 4 of the code snippet provided.

Authenticated PRTG Network Monitor remote code execution

This script creates a new user 'pentest' in the administrators group with the password 'P3nT3st!' in the PRTG Network Monitor application. The exploit requires authentication; the script uses a session cookie for authentication. The default credentials for the application are prtgadmin/prtgadmin.

OpenKM Document Management < 6.3.7 - (Authenticated) Remote Command Execution

Versions of OpenKM Document Management prior to 6.3.7 allow an authenticated user to upload a malicious JSP file into the "/okm:root" directory and move that file to the home directory of the site. This is achieved by tampering with the "Filesystem path" control in the admin's "Export" field. As a result, attackers can gain remote code execution on the application server with root privileges. This module executes remote commands on the server by creating a malicious JSP file. The module has been tested successfully with OpenKM DM versions between 6.3.2 and 6.3.7 on a Debian 4.9.18-1kali1 system. Lower versions may also be affected.

Apple Quicktime (Vista/XP RTSP Response) Remote Code Exec

This exploit allows an attacker to execute arbitrary code remotely on Windows Vista and Windows XP systems that have Quicktime 7.3 or 7.2 installed. The exploit takes advantage of an SEH overwrite vulnerability in the Quicktime player's handling of RTSP responses. It has been tested and confirmed to work on Quicktime 7.3 and 7.2 on both Windows Vista and Windows XP SP2.
