A vulnerability in PHPUnit 4.8.28 allows an unauthenticated attacker to execute arbitrary code on the target system. The cause is a vulnerable file, eval-stdin.php, located in the vendor/phpunit/phpunit/src/Util/PHP/ directory, which can be reached by sending a specially crafted HTTP request to the target system. The arbitrary code carried in that request is then executed on the target.
The default password of this router is the last 8 characters of the device's serial number, which is found on the back of the device. An attacker can leak the serial number via the web app API as follows:

    GET /api/system/deviceinfo HTTP/1.1
    Host: 192.168.1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: https://192.168.1.1/
    X-Requested-With: XMLHttpRequest
    Connection: close

Moodle 3.11.4 is vulnerable to SQL injection due to insufficient input validation in the mod/h5pactivity/classes/external/get_user_attempts.php script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the server, which can be used to execute arbitrary SQL commands on the underlying database. This can be used to gain access to sensitive information, such as user credentials, or to modify the database in any way.
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
An authenticated user can inject arbitrary JavaScript or HTML code into the "Domain Check Profile" interface available in the settings page of the plugin, due to incorrect sanitization of user-supplied data, and thereby carry out a Reflected Cross-Site Scripting attack against administrators. Plugin versions prior to 1.0.16 are affected by this vulnerability.
The application is prone to a DoS after receiving a long server response (more than 2K bytes) leading to 100% CPU consumption.
A user without privileges in Chamilo LMS 1.11.x can send an invitation message to another user, e.g., the administrator, through main/social/search.php and main/inc/lib/social.lib.php, and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability in the social network's send invitation feature.
This is a Windows variation of CVE-2019-11707, an exploit targeting a type confusion bug in the Array.pop method during inlining/IonMonkey JIT compilation of affected code in versions of Firefox up to 67.0.2. Fundamentally, this bug allows an attacker to trick IonMonkey into JIT'ing a function that pops and accesses an element of a specially crafted malicious array without generating any speculative guards on the element type. In other words, we can reliably produce an ASM routine for a JS function which is only designed to handle array element access for a specific object type, while allowing us to pass in an object of a different type.
The exploit consists of three files: `Makefile`, `evil-so.c` and `exploit.c`. The Makefile is used to compile the evil-so.c and exploit.c files. The evil-so.c file contains code to set the UID and GID to 0 and execute a shell. The exploit.c file creates a directory and a gconv-modules file, copies the evil.so file to the directory and executes the pkexec binary with the environment variables set to the directory. This allows the evil.so file to be loaded and executed.
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.