Advisory: E-Detective Lawful Interception System multiple security vulnerabilities

Proof-of-concept for an unauthenticated local file disclosure (LFD) vulnerability in E-Detective. Authors: Mustafa Al-Bassam (https://musalbas.com) and slipstream/RoL (https://twitter.com/TheWack0lian). The proof-of-concept uses the 'action=getfile&file=' request parameters to read arbitrary files from the server without authenticating first.

Advisory: SQL Injection in TYPO3 Extension Akronymmanager

Backend users with the corresponding privileges can maintain acronyms through the Akronymmanager extension pages in the TYPO3 backend web interface. In the extension's file mod1/index.php, an SQL query is built from request data (line 357 and following). The value of the user-supplied HTTP GET parameter 'id' is inserted into that SQL statement without any sanitization or parameter binding. An attacker with backend access can therefore manipulate the resulting statement and inject queries of their own.

XtMediaPlayer – 0.93 Memory Corruption PoC

XtMediaPlayer is vulnerable to memory corruption due to improper validation of user-supplied input. An attacker can exploit this by crafting a malicious .wav file and delivering it to the victim; opening the file crashes the player, resulting in a denial of service condition.

Apexis IP CAM – Full Info Disclosure

A vulnerability in Apexis IP CAM devices allows an unauthenticated attacker to obtain full information disclosure from the device. The cause is missing authentication and authorization checks in the web interface. By sending a specially crafted request to the web interface, an attacker can retrieve the device's username and password, as well as other sensitive configuration information. The affected models are APM-H602-MPC, APM-H803-MPC, APM-H901-MPC, APM-H501-MPC, APM-H403-MPC, and APM-H804.

Cross-site Request Forgery

Cross-site request forgery (CSRF) vulnerability in MenuActions.aspx in Ektron CMS 9.10 SP1 before build 9.1.0.184.1.120 allows remote attackers to hijack the authentication of content administrators for requests that could lead to the deletion of content and assets.

Overlayfs Filesystem Permission Check Vulnerability

The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process on kernels built with CONFIG_USER_NS=y where overlayfs carries the FS_USERNS_MOUNT flag, which allows overlayfs to be mounted inside an unprivileged mount namespace. This is the default configuration of Ubuntu 12.04, 14.04, 14.10, and 15.04. The ovl_copy_up_* functions do not correctly check that the user has permission to write files to the upperdir directory: the only check performed is whether the owner of the file being modified has permission to write to upperdir, not whether the user who triggered the copy-up does. Furthermore, when a file is copied up from the lowerdir, its metadata is carbon-copied, rather than attributes such as the owner being changed to the user that triggered the ovl_copy_up_* procedures.
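The following is an added example, not text from the advisory and not the ofs.c exploit: a C probe that reproduces the precondition the advisory describes (an overlayfs mount performed from an unprivileged user namespace) and then opens a root-owned lower file for writing through the merged view to force a copy-up, so the resulting upperdir entry can be inspected. The scratch directories under /tmp, the choice of /etc as lowerdir and of /etc/passwd as the file to copy up are assumptions; nothing is written to the lower file, only the copy in upperdir is touched.

```c
/* Added example: probe unprivileged overlayfs mounting and copy-up behaviour.
 * Not part of the advisory or the ofs.c exploit. Paths are assumptions. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Build the overlayfs option string. Returns 0, or -1 if buf is too small. */
int ovl_build_opts(const char *lower, const char *upper, const char *work,
                   char *buf, size_t n)
{
    int len = snprintf(buf, n, "lowerdir=%s,upperdir=%s,workdir=%s",
                       lower, upper, work);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

static int write_str(const char *path, const char *s)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t w = write(fd, s, strlen(s));
    close(fd);
    return w == (ssize_t)strlen(s) ? 0 : -1;
}

/* Create a new user + mount namespace in which the caller's uid/gid appear
 * as 0: the starting point of any unprivileged overlayfs mount. */
int enter_userns_as_root(uid_t outer_uid, gid_t outer_gid)
{
    char map[64];
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) < 0)
        return -1;
    /* Since Linux 3.19, gid_map is writable only after setgroups is denied. */
    write_str("/proc/self/setgroups", "deny");
    snprintf(map, sizeof map, "0 %u 1", (unsigned)outer_uid);
    if (write_str("/proc/self/uid_map", map) < 0)
        return -1;
    snprintf(map, sizeof map, "0 %u 1", (unsigned)outer_gid);
    return write_str("/proc/self/gid_map", map);
}

int main(void)
{
    /* Assumed scratch locations; /etc serves as a root-owned lower layer. */
    const char *lower = "/etc";
    const char *upper = "/tmp/ovl_upper", *work = "/tmp/ovl_work",
               *merged = "/tmp/ovl_merged";
    char opts[512], path[512];
    struct stat st;

    mkdir(upper, 0700);
    mkdir(work, 0700);
    mkdir(merged, 0700);

    if (enter_userns_as_root(getuid(), getgid()) < 0) {
        perror("unshare/uid_map (user namespaces disabled?)");
        return 1;
    }
    if (ovl_build_opts(lower, upper, work, opts, sizeof opts) < 0)
        return 1;
    if (mount("overlay", merged, "overlay", 0, opts) < 0) {
        perror("mount overlay (refused inside an unprivileged user namespace)");
        return 1;
    }
    printf("overlayfs mounted from an unprivileged user namespace\n");

    /* Opening a root-owned lower file for writing through the merged view is
     * what triggers ovl_copy_up into upperdir; no data is written. */
    snprintf(path, sizeof path, "%s/passwd", merged);
    int fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0) {
        perror("open for write through merged dir (copy-up refused)");
        return 1;
    }
    close(fd);

    snprintf(path, sizeof path, "%s/passwd", upper);
    if (stat(path, &st) == 0)
        printf("copied-up %s: uid=%u gid=%u mode=%04o\n", path,
               (unsigned)st.st_uid, (unsigned)st.st_gid,
               (unsigned)(st.st_mode & 07777));
    return 0;
}
```

Run it as an ordinary user. A kernel without FS_USERNS_MOUNT on overlayfs stops at the mount call with EPERM; a kernel that permits the mount but checks copy-up permissions against the caller stops at the open with EACCES. If the open succeeds, inspect the printed owner: inside the namespace the outer root is unmapped, so a uid of 65534 on the upperdir copy means the owner was carbon-copied from the lower file exactly as the advisory describes, and the copy was created by an unprivileged user.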

ofs.c – overlayfs local root in ubuntu

This exploit gains root on Ubuntu 12.04, 14.04, 14.10 and 15.04 (kernels before 2015-06-15) by abusing the incorrect copy-up permission handling together with FS_USERNS_MOUNT. The exploit builds a shared library and creates /etc/ld.so.preload pointing at it, so the library is loaded into every dynamically linked process that starts afterwards. The library replaces getuid(); the replacement checks whether the calling process is running as root and, if it is, spawns a shell.

Milw0rm Clone Script v1.0 (Auth Bypass) SQL Injection Vulnerability

The Milw0rm Clone Script v1.0 is vulnerable to an authentication bypass due to improper sanitization of user input in its login handling. An attacker can exploit this by submitting SQL injection payloads in the login fields, which alters the authentication query and allows the attacker to log in without valid credentials and gain access to the application.

Cisco AnyConnect Secure Mobility Client Remote Command Execution

The AnyConnect Secure Mobility Client VPN API suffers from a stack buffer overflow when a large number of bytes is passed in the 'strHostNameOrAddress' parameter of the 'ConnectVpn' function in the vpnapi.dll library, resulting in memory corruption and an overwrite of the stack. An attacker who can supply the hostname argument can execute arbitrary code on the affected system.
