The application is vulnerable to an elevation-of-privilege vulnerability that lets an ordinary user replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions: the 'F' (full) flag is granted to the 'Everyone' and 'Users' groups on the 'OriginClientService.exe' binary file and on all the files in the 'Origin' directory. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges. The Origin client service also suffers from an unquoted search path issue impacting the 'Origin Client Service' service for Windows deployed as part of the Origin Thin Setup bundle. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications, where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application.
This module exploits a command injection vulnerability in HP Client Automation, currently distributed as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon (radexecd.exe), which does not authenticate execution requests by default. This module has been tested successfully on HP Client Automation 9.00 on Windows 2003 SP2 and CentOS 5.
It was discovered that insufficient validation is performed on the 'image_file' parameter, enabling arbitrary JavaScript to be injected. On top of that, no random tokens are used to prevent CSRF attacks. By combining these vulnerabilities, an attacker could, for example, trick an admin into setting a persistent XSS payload on the public WordPress page.
The issue tracker phpBugTracker v. 1.6.0 suffers from multiple SQLi, stored/reflected XSS and CSRF vulnerabilities. The following files used in a common phpBugTracker installation are affected: project.php, user.php, group.php
A use-after-free vulnerability was discovered in unserialize() with the __wakeup() magic method of DateTime/DateTimeZone/DateInterval/DatePeriod objects that can be abused for leaking arbitrary memory blocks or executing arbitrary code remotely.
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
An attacker might execute arbitrary SQL commands on the database server with this vulnerability. User-tainted data is used when creating the database query that will be executed on the database management system (DBMS). An attacker can inject their own SQL syntax and thus initiate reading, inserting or deleting database entries, or attack the underlying operating system, depending on the query, DBMS and user privileges.
This exploits a file upload vulnerability found in WeBid 1.1.1, and possibly prior versions. Attackers can abuse the upload feature in order to upload a malicious PHP file without authentication, which results in arbitrary remote code execution.
BGA Security Team discovered a stored XSS vulnerability in Beehive Forum v1.4.4. The vulnerable inputs are 'Homepage URL', 'Picture URL' and 'Avatar URL' in the Profile Section. The following lines in edit_prefs.php contain the vulnerability:
    if (isset($_POST['homepage_url'])) {
        $user_prefs['HOMEPAGE_URL'] = trim($_POST['homepage_url']);
        $user_prefs_global['HOMEPAGE_URL'] = (isset($_POST['homepage_url_global'])) ? $_POST['homepage_url_global'] == 'Y' : true;
        if (strlen(trim($user_prefs['HOMEPAGE_URL'])) > 0) {
            // Require the value to start with http://
            if (preg_match('/^http:\/\//u', $user_prefs['HOMEPAGE_URL']) < 1) {
                $error_msg_array[] = gettext('Homepage URL must include http:// schema.');
                $valid = false;
            } else if (!user_check_pref('HOMEPAGE_URL', $user_prefs['HOMEPAGE_URL'])) {
                $error_msg_array[] = sprintf(gettext('%s is not a valid Homepage URL'), $user_prefs['HOMEPAGE_URL']);
                $valid = false;
            }
        }
    }
A vulnerability exists in the Samsung iPOLiS XnsSdkDeviceIpInstaller ActiveX control, which could allow an attacker to execute arbitrary code on the vulnerable system. This is due to a stack-based buffer overflow in the WriteConfigValue() method of the XNSSDKDEVICELib.XnsSdkDevice ActiveX control (XnsSdkDeviceIpInstaller.ocx) when handling a long argument. An attacker can exploit this vulnerability by enticing a victim to visit a malicious web page containing specially crafted HTML that would trigger the overflow.