An attacker can execute arbitrary code on Sony XAV-AX5500 devices without requiring authentication by exploiting a vulnerability in the software update handling process. The flaw lies in the lack of proper validation of software update packages, enabling code execution within the device context. This exploit bypasses firmware validation, allowing an attacker with physical access to achieve Remote Code Execution (RCE) on the infotainment unit. The vulnerability affects firmware versions prior to v2.00.
The webServerDeviceLabelUpdate.php script on the ABB Cylon Aspect BMS/BAS controller allows authenticated attackers to inject arbitrary content via the 'deviceLabel' POST parameter; the injected content is written to a fixed file location (/usr/local/aam/etc/deviceLabel), potentially causing a denial of service.
The Angular-Base64-Upload library version 0.1.20 (all versions prior to v0.1.21) is vulnerable to Remote Code Execution (RCE). An unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the target system. The issue has been assigned CVE-2024-42640 with a severity rating of Critical (CVSS 10.0).
The ABB Cylon Aspect 3.08.02 webServerUpdate.php script does not properly validate input on the port POST parameter, allowing attackers to bypass client-side checks and supply arbitrary integer values. This can lead to configuration poisoning, Denial of Service (DoS) attacks, and manipulation of server settings via Cross-Site Request Forgery (CSRF) combined with authentication bypass.
A vulnerability in phpMyFAQ v3.2.10 allows a privileged attacker to initiate a file download on a victim's system by embedding it in an <iframe> element without user interaction. By uploading a malicious attachment and linking it through an iframe in a FAQ record, the attacker can trigger automated downloads on the victim's machine.
Windows Defender usually blocks the execution of TrojanWin32Powessere.G, but a bypass using the VBScript and ActiveX engines can allow the execution of malicious commands. By adding arbitrary text as the second mshtml parameter, one can evade the detection. For example, running rundll32 vbscript:"\\..\\mshtml\\..\\PWN\\..\\mshtml,RunHTMLApplication "+String(CreateObject("Wscript.Shell").Run("calc.exe"),0) can execute commands despite Windows Defender protection.
The exploit allows an attacker to execute remote code on Elasticsearch version 8.5.3 and on OpenSearch. By sending a crafted payload within a search query, an attacker can trigger the vulnerability. This exploit is linked to CVE-2023-31419.
Windows Defender usually prevents the execution of TrojanWin32Powessere.G by leveraging rundll32.exe. However, by using multiple commas in the execution command, the mitigation can be bypassed, allowing successful execution of the trojan.
A proof-of-concept scenario showcasing a host header injection vulnerability in sisqualWFM version 7.1.319.103, particularly targeting the /sisqualIdentityServer/core endpoint. Exploiting this flaw could allow an attacker to manipulate webpage links or redirect users to malicious sites by altering the host header.
Windows Defender's mitigation for TrojanWin32Powessere.G can be bypassed to allow execution via rundll32.exe. By using multiple commas in the command, the mitigation can be bypassed, enabling successful execution.