This module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when a CSV file containing CR/LF and an overly long string of characters is opened via Import from other File. This overwrites a structured exception handler record.
LiteSpeed incorrectly parses the MIME type of a URL/file when given a null byte.
Cisco Prime Infrastructure (CPI) contains two basic flaws that, when exploited, allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege escalation to root by bypassing execution restrictions in a SUID binary. This module exploits these vulnerabilities to achieve unauthenticated remote code execution as root on the CPI default installation.
The vulnerability allows an attacker to include a remote file on the vulnerable server. In this case, the vulnerability exists in the scripture.php file of TOWeLS version 0.1. By manipulating the 'pageHeaderFile' parameter, an attacker can include a malicious file hosted on a remote server.
Almost all of the PHP files contain an include that loads the language template. The vulnerability allows an attacker to execute arbitrary commands on the server by manipulating the language parameter. By exploiting this vulnerability, an attacker can compromise all of the ISPConfig clients.
This exploit allows an attacker to bypass the safe_mode and disable_function restrictions in PHP 5.x COM functions, potentially leading to remote code execution and compromise of the server. The vulnerability can be exploited both locally and remotely, with remote execution requiring a server that is MS-based and configured to work with PHP. The exploit takes advantage of the fact that the script is executed from a client that does not check Windows protections against execution of dangerous COM objects. The exploit works on Windows servers running Apache and PHP, and has been tested on Windows XP Pro SP2.
virtualenv version 16.0.0 allows an attacker to escape the sandbox and execute arbitrary commands with root privileges. By using the '$(bash >&2)' or '$(rbash >&2)' command injection technique, an attacker can execute arbitrary commands in the context of the virtual environment.
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
A cross-site scripting vulnerability has been discovered in the AirTies Air 5342 modem. AirTies Air 5342 devices have XSS via the top.html productboardtype parameter.
This exploit allows an attacker to disclose files remotely on an Apache Tomcat server. It supports SSL connections and requires valid login credentials and WebDAV access. The exploit is written in Perl.