Microweber suffers from an authenticated arbitrary command execution vulnerability. The issue is caused by improper verification when uploading files in the '/src/Microweber/functions/plupload.php' script. This can be exploited to execute arbitrary PHP code by bypassing the extension restriction by appending a dot character to the end of the filename and uploading a malicious PHP script file, which will be stored in the '/userfiles/media/localhost/uploaded' directory.
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. A stored cross-site scripting vulnerability was also discovered. The issue is triggered when input passed via the POST parameter 'option_value' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The vulnerability is caused when the NDProxy.sys kernel component fails to properly validate input. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode (i.e. with SYSTEM privileges).
A buffer overflow is triggered upon sending a long string with the PUT command to PCMAN FTP 2.07.
A buffer overflow vulnerability exists in the Filezilla client 2.2.X. This vulnerability is due to a lack of proper boundary checks when handling user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system by sending a specially crafted response from the FTP server to which the client connects.
This exploit allows an attacker to execute arbitrary code on an OSSEC server by sending a malicious payload via SMTP. The payload is sent to the server, which then executes it as root.
A buffer overflow vulnerability exists in Python IDLE 2.7.8, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by a boundary error when handling a specially crafted file. This can be exploited to cause a stack-based buffer overflow via an overly long string. Successful exploitation may allow execution of arbitrary code.
An attacker can inject arbitrary SQL commands into the 'id' parameter of the 'allgallery.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
An unauthenticated remote attacker is able to obtain the Froxlor MySQL username and password via web access due to incorrect file permissions on the /logs/ folder in Froxlor version 0.9.33.1 and earlier. The plaintext MySQL username and password may be stored in the /logs/sql-error.log file, and this directory is publicly reachable by default.
This exploit is used to hijack ring -2 execution through the APIC overlay attack. The SMBASE register of the core under attack is set to 0x1f5ef800 and the location of the attack GDT is determined by which register will be read out of the APIC. The value added to SMBASE by the SMM handler to compute the protected mode far jump offset is 0x8097 and the offset of the SMM DSC structure from which the handler loads critical information is 0xfb00. The descriptor value used in the SMM handler’s far jump is 0x10 and the MSR number for the APIC location is 0x1b. The target memory address to sinkhole is calculated by adding TARGET_SMBASE and DSC_OFFSET and then taking the bitwise AND of the result with 0xfffff000. The payload offset is set to 0x1000 and the CS base is calculated by subtracting FJMP_OFFSET from PAYLOAD_OFFSET. The APIC BSP is set to 0x100 and the APIC must be activated for the attack to work.