This exploit allows an attacker to perform path traversal and remote code execution on Apache HTTP Server version 2.4.49. By manipulating the path parameter, an attacker can access sensitive files on the server and execute arbitrary commands. The vulnerability is identified by CVE-2021-41773.
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file, which gives attackers the full path of the site in addition to the path of database backup files. This affects versions up to, and including, 5.1.
Mitrastar GPT-2541GNAC-N1 devices provide SSH access into a restricted default shell. The command 'deviceinfo show file <path>' is used from the reduced CLI to show files and directories. Because this command does not handle special characters correctly, it is possible to insert a second command as a parameter in the <path> value. By using '&&/bin/bash' as the parameter value, we can spawn a bash console with root privileges.
The plugin is affected by file disclosure and cross-site scripting vulnerabilities. The file disclosure vulnerability allows an attacker to view the WordPress config data, including the mysql-server username and password. The cross-site scripting vulnerabilities allow an attacker to execute malicious code on the affected site.
The plugin does not implement a proper filter on the 'translated' parameter when it is written to the database. The 'trp_sanitize_string' function only checks for "<script></script>" with preg_replace, so an attacker can use an HTML tag to execute JavaScript.
The exploit is a proof-of-concept for a Denial of Service vulnerability in Cyberfox Web Browser version 52.9.1. By running a Python script, it creates a large payload that causes the browser to crash when the content is copied and pasted into the search bar.
The Ether_MP3_CD_Burner software version 1.3.8 is vulnerable to a buffer overflow attack. By providing a specially crafted input to the 'Name and Code Field' during the registration process, an attacker can execute arbitrary code on the target system. This can lead to remote code execution and compromise of the affected system. The vulnerability is caused by insufficient bounds checking of user-supplied data.
This exploit demonstrates a denial of service vulnerability in the Redragon Gaming Mouse driver ('REDRAGON_MOUSE.sys'). By sending a specially crafted IOCTL request to the driver, an attacker can cause the system to crash or become unresponsive, resulting in a denial of service condition.
Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data.
This exploit allows an attacker to craft a malicious playlist file (.m3u) that causes a buffer overflow in Total Video Player V1.03. By overwriting the stack and corrupting the SEH handler, the attacker can gain control of the ECX register and potentially the EIP and ESI registers. The exploit is credited to fl0 fl0w with special thanks to Expanders.