With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single sign-on web portal and remote desktop gateway that enables users to remotely access the console session of their office PC. It is possible to create a custom web portal login page which allows a user to login without providing their credentials. However, the credentials are stored in an insecure manner since they are saved in cleartext, within the html login page. This means that everyone with an access to the web login page can easily retrieve the credentials to access the application by simply looking at the html code page.
In TSplus Remote Work (v. 16.0.0.0), insecure file and folder permissions are set, allowing a malicious user to manipulate file content or change legitimate files to compromise a system or gain elevated privileges.
TSplus Remote Access (v. 16.0.2.14) has insecure file and folder permissions, which can allow a malicious user to manipulate file content or change legitimate files to compromise the system or gain elevated privileges.
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory: av_libGLESv2.dll, libcef.DLL, user32.dll, d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.
CVE-2023-1389 is an unauthenticated command injection vulnerability in the web management interface of the TP-Link Archer AX21 (AX1800), specifically, in the *country* parameter of the *write* callback for the *country* form at the "/cgi-bin/luci/;stok=/locale" endpoint. By modifying the country parameter it is possible to run commands as root. Execution requires sending the request twice; the first request sets the command in the *country* value, and the second request (which can be identical or not) executes it. This script is a short proof of concept to obtain a reverse shell. To read more about the development of this script, you can read the blog post here: https://medium.com/@voyag3r-security/exploring-cve-2023-1389-rce-in-tp-link-archer-ax21-d7a60f259e94
This exploit allows an attacker to execute arbitrary code on the target system without authentication. By providing a specially crafted payload, the attacker can gain remote access and control over the system.
This exploit allows an attacker to create a proxy basket in Request-Baskets v1.2.1 and make the server request to a specified attacker server. This can lead to server-side request forgery (SSRF) attacks.
systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user. This vulnerability allows a local attacker to gain root privileges.
This exploit allows remote attackers to execute arbitrary commands on the target system by injecting malicious commands through the 'hostname' parameter in the 'ping' utility of the Emagic Data Center Management Suite v6.0. By exploiting this vulnerability, an attacker can gain unauthorized access and control over the target system.
The attacker can send to victim a link containing a malicious URL in an email or instant message, can perform a wide variety of actions, such as stealing the victim's session token or login credentials
Services By CQR