BGA Security Team discovered an HTTP Header Pollution vulnerability in Citrix Netscaler NS10.5 (other versions may be vulnerable). It is possible to bypass the Netscaler WAF using a method which may be called HTTP Header Pollution. The setup: an Apache web server with default configuration on Windows (XAMPP); a SOAP web service written in PHP and vulnerable to SQL injection; Netscaler WAF with SQL injection rules. First request: ' union select current_user,2# - Netscaler blocks it. Second request: the same content plus an additional HTTP header, "Content-Type: application/octet-stream" - Netscaler allows it.
Community Gallery 2.0 before 12/10/2014 contains a stored cross-site scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code into the description field of an image, which is executed when the image is viewed by an authenticated user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
A standard CSRF vulnerability that allows an attacker to change a user's password.
ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine.
An unspecified error in Windows Text Services can be exploited to cause memory corruption.
An error when handling the Size member of a GIF DataSubBlock data structure can be exploited to cause memory corruption via a specially crafted GIF file.
An error when handling LZWMinimumCodeSize can be exploited to cause memory corruption via a specially crafted GIF file.
Input passed via the 'page' GET parameter and the 'username' POST parameter is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
str_replace() is used to sanitize the file path, but the function's output is not assigned back to the variable, so the unsanitized path is used. An attacker can exploit this vulnerability to download arbitrary files from the server.
This is a proof-of-concept exploit that is able to escape from Native Client's x86-64 sandbox on machines that are susceptible to the DRAM 'rowhammer' problem. It works by inducing a bit flip in read-only code so that the code is no longer safe, producing instruction sequences that would not pass NaCl's x86-64 validator. There are two ways to test the exploit program without getting a real rowhammer-induced bit flip: unit testing and testing inside NaCl.