This module exploits a command injection vulnerability in Imperva SecureSphere 13.x. The vulnerability exists in the PWS service, where Python CGIs do not properly sanitize user-supplied command parameters and pass them directly to the corresponding CLI utility, leading to command injection. An agent registration credential is required to exploit SecureSphere in gateway mode. This module was successfully tested on Imperva SecureSphere 13.0/13.1/13.2 in pre-ftl mode and unsealed gateway mode.
This module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution. This module has been tested successfully on FreeBSD 8.3-RELEASE (amd64) and FreeBSD 9.0-RELEASE (amd64).
The exploit allows an attacker to overflow the buffer in the 'Copy disc to image file' function of AnyBurn version 4.3. By providing a specially crafted file name, an attacker can execute arbitrary code on the target system. The exploit takes advantage of a buffer overflow vulnerability and uses a Unicode mixed shellcode to bypass security measures. The shellcode spawns the Windows calculator application (calc.exe) as a proof of concept.
This module creates a virtual web server and uploads the PHP payload to it. An admin account cannot access any server files except File Station files. A user who is authorized to create a Virtual Web Server can upload a malicious PHP file by activating the server. The exploit creates a new directory in File Station to connect to the web server. However, only the 'index.php' file is allowed to run in the virtual web server directory; any other file fails with an access error. After the malicious 'index.php' has been uploaded, a shell can be retrieved from the server. The exploit may also work on higher versions.
The binder driver in the Linux kernel allows userspace to free buffers in the kernel-managed shared memory region by using the BC_FREE_BUFFER command. This can lead to memory corruption and potential privilege escalation.
This exploit allows an attacker to inject SQL code in the 'where' parameter of the search.php page in OpenDocMan 1.3.4, which can lead to unauthorized access or manipulation of the database.
The Mp3 ToolBox 1.0 beta 5 script is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by including a malicious file from a remote server, which can lead to unauthorized access or execution of arbitrary code.
This Perl script is used to exploit a vulnerability in PHPNuke. It allows an attacker to inject arbitrary code and create a new message in the admin panel. The script sends a POST request with the necessary parameters to the admin.php endpoint of the target website. The injected code is executed when the message is viewed by visitors. This exploit was published on milw0rm.com on September 16, 2004.
There are multiple bypass vulnerabilities in the WordPress Cerber Security, Antispam & Malware Scan plugin. These vulnerabilities include:
1. Stop user enumeration bypass: It is possible to bypass user enumeration protection by using the POST method instead of GET.
2. Protect admin scripts bypass: Admin scripts protection can be bypassed by adding one or more slashes to the URI.
3. Protects wp-login.php, wp-signup.php and wp-register.php from attacks bypass: This protection can be bypassed by encoding any character in the URI.
4. Hide login URL bypass: The login URL can be bypassed by encoding any character in the URI, which will cause Cerber to return the secret slug in the Location header field.
5. Stop user enumeration via REST API bypass: User enumeration can be bypassed by inserting /index.php/ between the domain and the REST route.
6. Disable REST API bypass: Same as above.
In the 3.1.12 Pro version of the Craft CMS web application, an XSS vulnerability has been discovered in the header insertion field when adding source code.