This PoC exploits an authentication bypass vulnerability in Airdroid VerAll. It allows an attacker to upload a file to the remote server without authentication. The vulnerability exists due to the lack of proper authentication checks in the 'sdctl/comm/upload/dir' endpoint. An attacker can exploit this vulnerability by sending a specially crafted POST request to the vulnerable endpoint.
A vulnerability in the WordPress S3Bubble Cloud Video With Adverts & Analytics plugin allows an attacker to download arbitrary files from the server. The cause is the plugin's downloader.php script, which accepts a file path in the 'path' parameter and returns that file. An attacker can exploit this to download sensitive files such as wp-config.php, which contains the database credentials.
The Vulnerability Laboratory Research team discovered a local command injection web vulnerability in the official WK UDID v1.0.1 iOS mobile web-application. The vulnerability allows attackers to inject malicious script code into the application side of the vulnerable mobile app. The vulnerability is located in the device name value of the send by mail function. Local attackers are able to manipulate the name value of the device to compromise the mail function of the wkudid mobile app.
A vulnerability in CuteNews 2.0.3 allows an attacker to upload a malicious file to the server, allowing for remote code execution.
Albo Pretorio Online is a simple WordPress plugin for managing an official bulletin board (albo). Under Italian law, publishing an albo on institutional sites became compulsory in 2009. This made the plugin very popular in the institutional environment, because it is the only one available through the official channels. The plugin suffers from an unauthenticated SQL injection and various other authenticated vulnerabilities, such as XSS and CSRF. The back-end does not sanitize any input or output, so many vulnerabilities are present.
A use-after-free vulnerability exists in McAfee SiteAdvisor 3.7.2 for Firefox. The vulnerability is caused by a logic error in the NPMcFFPlg32.dll module when handling certain parameters passed to the CreateFFScriptable() function. This can be exploited to corrupt memory and execute arbitrary code by tricking a user into visiting a malicious web page.
The only 'filtering' on this resource appears to be a sprintf() call which statically prefixes a submitted 'dev' argument with '/www'. However, if an HTTP request is performed without a 'dev' argument at all, the sprintf() call is never reached, and a fully-qualified path can be provided in the 'path' parameter, bypassing the upload path restriction.
By combining all vulnerabilities documented in this advisory, an unprivileged authenticated remote attacker can gain full system access (root) on the RPRM appliance. This has an impact on all conferences taking place via this RP Resource Manager. Attackers can steal all conference passcodes and join or record any conference.
This module exploits a memory corruption that occurs when applying a Shader as a drawing fill, as exploited in the wild in June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188; Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.188; Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.188; and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.460.
This Cross-Site Request Forgery vulnerability enables an anonymous attacker to add an admin account to the application. This leads to compromise of the whole domain, as the application normally uses a privileged domain account to perform administration tasks. The attacker can also reset any user's password after gaining the privileged account.