To properly exploit this vulnerability, the local attacker must insert an executable file in the path of the service. Upon service restart or system reboot, the malicious code will be run with elevated privileges.
This exploit allows an attacker to perform blind SQL injection attacks on the WebTareas 2.4 application. By exploiting the vulnerability, an attacker can extract login credentials and passwords from the application's database.
The application suffers from a cleartext transmission/storage of sensitive information in a Cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials through a man-in-the-middle attack.
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Verizon's 4G LTE Network Extender uses a weak algorithm to generate its default admin password. The password is generated using the last 4 values from the device's MAC address, which is disclosed on the main webUI login page to an unauthenticated attacker. The values are then concatenated with the string 'LTEFemto', resulting in something like 'LTEFemtoD080' as the default Admin password.
This exploit allows an attacker to upload arbitrary files to the target system using the vulnerable Scriptcase 9.7 software. By exploiting this vulnerability, an attacker can potentially upload a malicious PHP file and achieve remote code execution.
This exploit targets the DirectSpeechSynthesis Module (XVoice.dll) version 4.0.4.3303. It allows for remote execution of arbitrary code by exploiting a buffer overflow vulnerability. The exploit is designed specifically for Internet Explorer 7 on Windows XP SP2 and utilizes a heap spray technique.
The Microsoft Exchange Active Directory Topology service in version 15.0.847.40 is vulnerable to an unquoted service path vulnerability. An attacker with local access to the system can exploit this vulnerability to escalate privileges and execute arbitrary code.
The Microsoft Exchange Mailbox Assistants service (MSExchangeMailboxAssistants) in version 15.0.847.40 has an unquoted service path vulnerability, which allows an attacker to potentially escalate privileges on the system.
The Franklin Fueling Systems Colibri Controller Module version 1.8.19.8580 is vulnerable to a local file inclusion (LFI) vulnerability. An attacker can exploit this vulnerability to read arbitrary files on the target system.