This module attempts to gain root privileges on Deepin Linux systems by using lastore-daemon to install a package. The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary system packages without providing a password, resulting in code execution as root. By default, the first user created on the system is a member of the sudo group. This module has been tested successfully with lastore-daemon version 0.9.53-1 on Deepin Linux 15.5 (x64).
This exploit takes advantage of a buffer overflow vulnerability in Easy File Sharing Web Server version 7.2. By sending a specially crafted 'UserID' parameter, an attacker can execute arbitrary code on the target system. The exploit bypasses DEP (Data Execution Prevention) and allows the execution of arbitrary shellcode. The exploit has been tested on Windows 7 Enterprise (x86) with Service Pack 1.
Kaspersky KSN v5.2 is prone to a remote memory corruption vulnerability. It fails to properly filter input on the remote subscribers, leading to heap segment overwrite and remote code execution.
This is an empty JavaScript script block that does not contain any code or exploit. It is a non-functional script and does not pose any security vulnerability.
The exploit code creates a file called 'Evil.txt' and copies its content into the License Name field of the Allok Video to DVD Burner software. This triggers a buffer overflow vulnerability in the software, allowing the attacker to execute arbitrary code.
Monstra CMS 3.0.4 allows remote attackers to delete folder via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
The vulnerability allows remote attackers to include arbitrary files via a vulnerable file in DFD Cart 1.1.
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
This is a remote buffer overflow exploit for Xitami Web Server 2.5. It takes advantage of the If-Modified-Since header to trigger the vulnerability and execute arbitrary code. The exploit was discovered by Krystian Kloskowski (h07) and tested on Xitami 2.5c2 on Windows XP SP2 Polish. The shellcode used in this exploit is the Windows Execute Command (calc) from metasploit.com.
It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with …/ or … or …./ or …. as a directory-traversal pattern to TCP port 8667. An attacker can make use of this vulnerability to step out of the root directory and access other parts of the file system. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.
Services By CQR