The vulnerability is in version 1.0 of the com_wmtportfolio component for Joomla. It allows an attacker to include a remote file by manipulating the 'mosConfig_absolute_path' parameter in the 'admin.wmtportfolio.php' file. This can lead to remote code execution on the server.
This module exploits a buffer overflow in the FTPShell client 6.70 (Enterprise edition) allowing remote code execution.
This exploit allows an attacker to execute arbitrary code remotely without authentication in Dolibarr ERP CRM version 7.0.3 or below. By manipulating the 'db_name' parameter in the 'step1.php' page during the installation process, an attacker can inject malicious code and gain unauthorized access to the system.
DamiCMS v6.0.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.
This exploit allows remote attackers to include arbitrary files on a vulnerable Joomla component called com_wmtgallery. The vulnerability is caused by the insecure handling of the 'mosConfig_live_site' parameter in the 'admin.wmtgallery.php' file. By manipulating the 'mosConfig_live_site' parameter, an attacker can include a remote file and potentially execute arbitrary code on the server.
This module exploits an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware versions <= 1.12.0.19 are affected. Tested on 5.02024 G-Cam/EFD-2250 running 1.12.0.4 firmware.
A CSRF vulnerability exists in BEESCMS_V4.0: an administrator account can be added arbitrarily.
This vulnerability allows an attacker to include remote files on the server. In this case, an attacker can include the 'cmd.txt' file from the localhost and execute the 'dir' command.
This exploit allows remote code execution in Foxit Reader. It leverages vulnerabilities CVE-2018-9948 and CVE-2018-9958. The exploit is written in JavaScript and has been tested on Windows 7 Ultimate x86 and Windows 10 Pro x86 v1803. The target version is Foxit Reader v9.0.1.1049. The exploit code can be found at https://srcincite.io/blog/2018/06/22/foxes-among-us-foxit-reader-vulnerability-discovery-and-exploitation.html.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.