Explore all Exploits:

Php-Stats 0.1.9.2 Multiple Vulnerabilities Exploit

This exploit allows for blind SQL injection and potential remote code execution in Php-Stats 0.1.9.2. The vulnerable code is in the php-stats.recjs.php file. The long2ip() function is used to convert a numeric argument to an IPv4 dotted IP. By manipulating the $_GET['ip'] parameter and using urldecode(), an attacker can inject SQL into the query at line 175. Additionally, magic_quotes_gpc can be bypassed by escaping ' with %2527.

SonicWall Global Management System XMLRPC set_time_zone Unauth RCE

This module exploits a vulnerability in SonicWall Global Management System Virtual Appliance versions 8.1 (Build 8110.1197) and below. These versions do not prevent unauthenticated, external entities from making XML-RPC requests to port 21009 of the virtual appliance. After the XML-RPC call is made, a shell script is called in a way that permits command injection.

Heap Buffer Overflow in webrtc::UlpfecReceiverImpl::AddReceivedRedPacket

There are several calls to memcpy that can overflow the destination buffer in webrtc::UlpfecReceiverImpl::AddReceivedRedPacket. The method takes a parameter incoming_rtp_packet, which is an RTP packet with a max length that is defined by the transport (2048 bytes for DTLS in Chrome). This packet is then copied to the received_packet in several locations in the method, depending on packet properties, using the length of the incoming_rtp_packet as the copy length. The received_packet is a ForwardErrorCorrection::ReceivedPacket, which has a max size of 1500. Therefore, the memcpy calls in this method can overflow this buffer.

Remote File Inclusion in NuSEO PHP Enterprise.v1.6

The vulnerability is present in the file /NuSEO PHP Enterprise.v1.6 Nulled by DGT/NuSEO.PHP.Enterprise.v1.6.PHP.NULL-DGT/nuseo/admin/nuseo_admin_d.php. By manipulating the 'nuseo_dir' parameter in the URL, an attacker can include remote files from a different server, potentially leading to arbitrary code execution.

Switch Port Mapping Tool 2.81 – ‘SNMP Community Name’ Denial of Service (PoC)

The Switch Port Mapping Tool version 2.81 is vulnerable to a Denial of Service (DoS) attack. By providing a specially crafted SNMP v1/v2c Read Community Name, an attacker can cause the application to crash.

ipPulse 1.92 – ‘License Key’ Denial of Service (PoC)

ipPulse version 1.92 is vulnerable to a Denial of Service (DoS) attack when a specially crafted license key is entered. By providing a long string of characters as the license key, the application crashes, resulting in a denial of service to legitimate users.

Craft CMS SEOmatic plugin 3.1.4 – Server-Side Template Injection

An unauthenticated user can trigger the Twig template engine by injecting code into the URI. This can be leveraged to perform arbitrary calls against the template engine and the CMS. The output will be reflected within the Link header of the response.

Recent Exploits: