This exploit allows remote attackers to include arbitrary files through a vulnerable Joomla component called com_wmtgallery. The vulnerability is caused by the insecure handling of the 'mosConfig_live_site' parameter in the 'admin.wmtgallery.php' file. By manipulating the 'mosConfig_live_site' parameter, an attacker can include a remote file and potentially execute arbitrary code on the server.
This module exploits an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware versions <= 1.12.0.19 are affected. Tested on 5.02024 G-Cam/EFD-2250 running 1.12.0.4 firmware.
A CSRF vulnerability exists in BEESCMS_V4.0: an administrator can be added arbitrarily.
This vulnerability allows an attacker to include remote files on the server. In this case, an attacker can include the 'cmd.txt' file from the localhost and execute the 'dir' command.
This exploit allows remote code execution in Foxit Reader. It leverages vulnerabilities CVE-2018-9948 and CVE-2018-9958. The exploit is written in JavaScript and has been tested on Windows 7 Ultimate x86 and Windows 10 Pro x86 v1803. The target version is Foxit Reader v9.0.1.1049. The exploit code can be found at https://srcincite.io/blog/2018/06/22/foxes-among-us-foxit-reader-vulnerability-discovery-and-exploitation.html.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
The vulnerability allows an attacker to disclose files on the target system by exploiting a file inclusion vulnerability in the SkaDate Online Dating Software. By manipulating the 'view_mode' parameter in the 'featured_list.php' and 'online_list.php' files, an attacker can traverse the file system and access sensitive files.
An OS command injection vulnerability exists in the mechanism that processes usernames presented for authentication, allowing unauthenticated root access via the ssh service.
An OS command injection vulnerability exists in the mechanism that processes usernames presented for authentication, allowing unauthenticated root access via tty console login.
The vulnerability allows an attacker to include a remote file by exploiting the 'config.php' file path in the 'install' directory. This can be achieved by appending a malicious URL to the 'path' parameter in the 'config.php' file.