Hex Workshop v6.7 is vulnerable to denial of service via a command line file arguments and control the Structured Exception Handler (SEH) records.
Buffer overflow controlling the Structured Exception Handler (SEH) records in Explorer++ 1.3.5.531, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument.
Prowise Reflect software version 1.0.9 for Windows is vulnerable to a remote keystroke injection. The exploit works either over the network (when port 8082 is exposed) or by visiting a malicious website. The exploit allows the attacker to inject keystrokes into the target system. The provided Proof of Concept (POC) contains a malicious webpage that demonstrates the exploit.
Dixell XWEB-500 is affected by multiple Arbitrary File Write Vulnerability. The exploit allows an attacker to write arbitrary files on the target system using various endpoints such as logo_extra_upload.cgi, lo_utils.cgi, and cal_save.cgi. The attacker can specify the filename and content of the file to be written.
The FLEX 1085 Web appliance is vulnerable to an HTML injection attack that allows the injection of arbitrary HTML code.
A local non-admin user on the computer can create a Performance subkey in the HKLMSYSTEMCurrentControlSetServicesDnscache or HKLMSYSTEMCurrentControlSetServicesRpcEptMapper registry keys, populate it with values, and trigger performance monitoring, which leads to a Local System WmiPrvSE.exe process loading the attacker's DLL and executing code from it.
The vulnerability laboratory core research team discovered a persistent cross site scripting vulnerability in the Simplephpscripts Simple CMS v2.1 web-application.
By default, the Authenticated Users group has the modify permission to OpenClinic folders/files. A low privilege account can rename mysqld.exe or tomcat8.exe files located in bin folders and replace them with a malicious file that would connect back to an attacking computer, giving system-level privileges. This is possible because the service is running as Local System. Although a low privilege user cannot restart the service through the application, a restart of the computer triggers the execution of the malicious file. The application also has unquoted service path issues.
The CTM-200 wireless gateway suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fw_url' POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and make_wget_url() function to the wget command in /usr/bin/cmdmain ELF binary.
Before the patch, it was possible to inject system commands on 'map' parameter when launching a new counter-strike server just by putting the command= between ';', the user needs to be authenticated for this.