This module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. It uses a newline injection vulnerability in the configured username for a VPN network connection to inject a `Password helper` configuration directive into the connection configuration. The specified helper is executed by Network Manager as root when the connection is started. Network Manager VPNC versions prior to 1.2.6 are vulnerable. This module has been tested successfully with VPNC versions: 1.2.4-4 on Debian 9.0.0 (x64); and 1.1.93-1 on Ubuntu Linux 16.04.4 (x64).
Argus Surveillance DVR 4.0.0.0 devices allow Trojan File SYSTEM Privilege Escalation. Placing a Trojan File DLL named "gsm_codec.dll" in the Argus application directory will lead to arbitrary code execution with SYSTEM integrity. Affected Component: DVRWatchdog.exe
This exploit script creates a file called "exploit.txt" which contains a payload that causes a crash in Acunetix WVS Reporter 10.0 when loaded as a report preview. The payload consists of 20 characters of the letter "A".
This exploit takes advantage of a SEH (Structured Exception Handling) overwrite vulnerability in jetAudio 7.x. By supplying a specially crafted m3u file, an attacker can overwrite the SEH record and execute arbitrary code. The exploit has been tested on jetAudio 7.0.3 Basic on Windows 2000 SP4 Polish. The exploit payload is a Windows Execute Command shellcode that launches the Calculator. This exploit is provided for educational purposes only.
Jinu Pro is prone to Stored Cross Site Scripting vulnerabilities because it fails to properly sanitize user-supplied input.
The Cybrotech CyBroHttpServer version 1.0.3 is vulnerable to directory traversal. An attacker can use this vulnerability to access files outside of the intended directory structure by manipulating the file path in the HTTP request.
This exploit allows an attacker to disclose remote files on an Apache Tomcat server. The vulnerability may reside in different WebDAV implementations. The exploit requires authentication to work.
This exploit is a proof of concept for a denial of service vulnerability in Drive Power Manager version 1.10. By creating a specially crafted payload and passing it as input to the 'Name' field in the program, an attacker can cause the application to crash.
The exploit allows an attacker to disclose local files and execute arbitrary scripts on the server. The Local File Disclosure vulnerability can be exploited by accessing the server's CGI script with a specially crafted path, while the Cross-Site Scripting vulnerability can be exploited by injecting malicious scripts into the server's CGI script.
A local buffer overflow vulnerability has been discovered in the official R v3.4.4 software. The vulnerability allows local attackers to overwrite the registers (for example, EIP) to compromise the local software process. The issue can be exploited by local attackers with system privileges to compromise the affected local computer system. The vulnerability is marked as a classic buffer overflow issue.