This script emulates a dreamweaver client connection to ColdFusion 6 MX Server in order to get remote directory structure. It sends HTTP requests to the server and retrieves the response containing the directory structure. The script does not include full exploit code with read, retrieve, and write functions.
This exploit allows remote attackers to execute arbitrary code on vulnerable Windows 2000 SP3 and Windows NT 4.0 SP6a systems by exploiting a vulnerability in the RPC Locator service.
The WibuKey Runtime version 6.51 is affected by an unquoted service path vulnerability. The service 'WkSvW32.exe' has an unquoted service path, which can be exploited by an attacker to escalate privileges and execute arbitrary code with elevated permissions. By placing a malicious executable with the same name in a higher-priority directory in the system's PATH environment variable, the attacker can trick the system into executing the malicious code instead of the legitimate service executable.
This vulnerability could permit executing code during startup or reboot with the escalated privileges.
This plugin allows admins to create and download database backups. A CSRF can create DB backups stored publicly in the uploads directory.
This exploit launches calc.exe.
Color Notes is vulnerable to a DoS condition when a long list of characters is being used when creating a note. Successful exploitation will cause the application to stop working.
Color Notes is vulnerable to a DoS condition when a long list of characters is being used when creating a note. Successful exploitation will cause the application to stop working.
This exploit allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the Intelbras Router RF 301K. By submitting a specially crafted form, the attacker can change the router's DNS settings, redirecting traffic to a malicious DNS server.
This exploit allows an authenticated user to perform server-side template injection (SSTI) in Grav CMS 1.7.10. By creating a malicious page with a crafted template, an attacker can execute arbitrary code on the server.
Services By CQR