The vulnerability laboratory core research team discovered multiple web vulnerabilities in the official Macs Framework v1.1.4f CMS.
Multiple persistent web vulnerabilities were discovered in the AirDisk Pro v5.5.3 iOS application. These vulnerabilities allow for cross-site scripting attacks.
This exploit allows remote code execution in Oracle WebLogic Server 12.2.1.4.0. The exploit code is written in Python and connects to a specified host and port. It sends headers to the server and then sends a payload to execute the code.
A remote stored cross-site scripting vulnerability has been discovered in the WSO2 API Manager Resource Browser component. The vulnerability allows a remote attacker with access to the "Resource Browser" component to inject malicious code through the Add Comment feature. The vulnerability is triggered after sending a POST request to `/carbon/info/comment-ajaxprocessor.jsp` with the parameter "comment=targeted&path=%2F". Remote attackers have the ability to spread malware, to hijack a session (a session with higher privileges), or to initiate phishing attacks. The security risk of the stored XSS web vulnerability is estimated as medium, with a CVSS (Common Vulnerability Scoring System) score of 5.4. Exploitation of the stored XSS web vulnerability requires a low-privilege web-application user account and medium or high user interaction. Successful exploitation of the vulnerability results in compromising the server.
There is a file inclusion vulnerability in the mla-file-downloader.php file. Visiting the vulnerable URL would lead to disclosure of the contents of options.php. Note that this vulnerability does not require authentication.
This exploit targets a stack overflow vulnerability in the Free Desktop Clock application, version 3.0. By manipulating the 'Enter display name' textbox, an attacker can overwrite the Structured Exception Handler (SEH) and gain control of the program's execution flow. The exploit uses the Venetian Blinds technique to decode the attacker's shellcode. The vulnerability only affects the x86 version of the application and has been tested on Windows 10 - Pro 1909 (x86) and Home 1909 (x86).
AbsoluteTelnet version 11.12 is vulnerable to a denial of service (DoS) attack. By sending a specially crafted payload to the SSH1 'username' field, an attacker can cause the application to crash, resulting in a denial of service condition.
DDNS test functionality. Stack overflow via memcpy
The Windows "net use" network logon type-3 command does not prompt for authentication when the built-in Administrator account is enabled and both remote and originating systems suffer from password reuse. This also works as a "standard" user, but unfortunately we do not gain high integrity privileges. However, it opens the door and increases the attack surface if the box we laterally move to has other vulnerabilities present. In contrast, authenticating using the "UNC path" "\\x.x.x.x\c$" using an explorer type logon does prompt for credentials as expected. The authentication mechanisms between the two network logon methods are inconsistent and in my opinion leave an authentication loophole invitation. Moreover, since this targets the built-in Administrator account, one would think there would be more or equal security measures in place, not less. Requirements: 1) The remote system's built-in Administrator account is enabled. 2) The originating system user's account password and the remote system Administrator password match (reuse). Typically, to gain Admin privileges on remote logon you may have to create and enable "LocalAccountTokenFilterPolicy", but NOT in this case. Again, the "LocalAccountT
This module exploits a command injection vulnerability in the v-list-user-backups bash script file. Low-privileged authenticated users can execute arbitrary commands in the context of the root user. An authenticated attacker with low privileges can inject a payload into a file name that starts with a dot. During the user backup process, this file name is evaluated by the v-user-backup bash script. As a result of that backup process, the injected payload is executed when the attacker tries to list existing backups.