The WordPress User Role Editor plugin prior to v4.25 lacks an authorization check within its update-user-profile functionality. This vulnerability allows an authenticated user to add arbitrary User Role Editor roles to their own profile.
SQL Injection Authentication Bypass
The Novus system is vulnerable to SQL injection. By manipulating the 'nota_id' parameter in the 'notas.asp' page, an attacker can execute arbitrary SQL queries. The following SQL injection payloads can be used to extract sensitive information:
- http://[novus]/notas.asp?nota_id=1+and+1=convert(int,db_name())
- http://[novus]/notas.asp?nota_id=1+and+1=convert(int,system_user)
- http://[novus]/notas.asp?nota_id=1+and+1=convert(int,@@servername)--
- http://[novus]/notas.asp?nota_id=1+and+1=convert(int,@@version)--
This exploit allows an attacker to execute arbitrary code by using a specially crafted PDF file with XFA (XML Forms Architecture) support. By embedding malicious code in the XDP template, the attacker can trigger the execution of the code when the PDF is opened.
Metasploit's msfd service makes it possible to get an msfconsole-like interface over a TCP socket. If this socket is accessible on a remote interface, an attacker can execute commands on the victim's machine. If msfd is running with higher privileges than the current local user, this module can also be used for privilege escalation; in that case, port forwarding on the compromised host can be used. Code execution is achieved with the msfconsole command: irb -e 'CODE'.
This module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary PHP code in the context of the web user.
This script creates a malicious ODF file that can be used to leak NetNTLM credentials. It works against LibreOffice 6.0.3 and OpenOffice 4.1.5. The script creates a blank ODT file and then modifies the content.xml file to include the payload.
This exploit leverages the vulnerabilities enumerated in these CVEs: [ CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736 ]. More details here: http://blog.redactedsec.net/exploits/2018/04/26/nagios.html. Steps are as follows:
0. Determine version
1. Change the database user to root:nagiosxi
2. Get an API key w/ SQLi
3. Use the API key to add an administrative user
4. Login as that administrative user
5. Do some authenticated RCE w/ privesc
6. Cleanup
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to the advisory "Drupal core - Highly critical - Remote Code Execution". The module can load msf PHP arch payloads using the php/base64 encoder. The resulting RCE on Drupal looks like this: php -r 'eval(base64_decode(#{PAYLOAD}));'
This exploit takes advantage of a stack overflow vulnerability in the Bluetooth stack. By sending a specially crafted BNEP packet, an attacker can cause a stack overflow and potentially execute arbitrary code on the target device. This vulnerability is identified by CVE-2017-0781.