Explore Vulnerabilities

Explore all Exploits:

Oracle Weblogic Server (10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3) Deserialization Remote Command Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary commands on Oracle Weblogic Server versions 10.3.6.0, 12.1.3.0, 12.2.1.2, and 12.2.1.3. The vulnerability is caused by improper deserialization of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted request to the target server, which may result in remote code execution.

Timbuktu Pro <= 8.6.5 Arbitrary File Deletion/Creation

Timbuktu Pro version 8.6.5 and below is vulnerable to arbitrary file deletion and creation. An attacker can exploit this vulnerability to delete or create arbitrary files on the targeted system. The vulnerability occurs due to improper input validation when handling filenames, allowing an attacker to traverse directories and perform unauthorized file operations. This exploit takes advantage of the vulnerability by sending specially crafted packets to the target system. The payload can be in either text or binary format.

October CMS User Plugin v1.4.5 – Persistent Cross-Site Scripting

Persistent XSS
- Go to the account page localhost/OctoberCMS/account/
- Register & enter the following for your full name: <p "'"><SCRIPT>alert("XSS")</SCRIPT>">
- You will be alerted every time you visit the account page localhost/OctoberCMS/account/

Incorrect State in Async Generator

The code snippet provided demonstrates an exploit in the AsyncGeneratorReturn function in the V8 JavaScript engine. By manipulating the 'then' getter of the AwaitedPromise object, an attacker can overwrite the AwaitedPromise immediately after the call to Await, leading to an incorrect state in the generator.

Type Confusion in NodeProperties::InferReceiverMaps

The vulnerability occurs in the NodeProperties::InferReceiverMaps function in the V8 JavaScript engine. The issue arises when the 'mnewtarget' variable, which is expected to be a constructor, is cast to JSFunction, leading to type confusion. This can potentially be exploited to cause a crash or execute arbitrary code.

EB Design Pty Ltd (EBCRYPT.DLL v.2.0) Multiple Remote Vulnerabilities

This control contains two vulnerabilities: 1) It is possible to cause a DoS by passing at least one character to the "AddString()" method. 2) It is possible to overwrite a file passed as an argument to the "SaveToFile()" method.

ASUS infosvr Auth Bypass Command Execution

This module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an interactive remote shell. This module was tested successfully on an ASUS RT-N12E with firmware version 2.0.0.35. Numerous ASUS models are reportedly affected, but untested.

Recent Exploits: