Explore all Exploits:

Ubisoft Uplay 4.6 Insecure File Permissions Local Privilege Escalation

Uplay for PC suffers from an elevation-of-privilege vulnerability: a low-privileged local user can replace the launcher executable with a binary of their choice. The issue exists because the installation directory 'Ubisoft Game Launcher' is created with the 'F' (Full control) permission for the 'Everyone' group, which makes the entire directory, its sub-directories and its files world-writable. Any local account can therefore overwrite an executable that is later run by a more privileged user.
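The condition the advisory describes (an 'Everyone' ACE carrying 'F' on the install directory) is what an auditor looks for in the output of `icacls`. The following is an added example, not code from the advisory or from Ubisoft: it parses a constructed `icacls` listing (the sample output and the install path are made up to mirror the advisory, not captured from a real machine) and flags any ACE that hands write access to a principal every local account belongs to.

```python
import re
from typing import List, Tuple

SAMPLE_PATH = r"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher"

# Constructed `icacls "<dir>"` output (not captured from a real install); it
# mirrors the advisory's Everyone:(F) entry. icacls prints the path and the
# first ACE on one line and indents the remaining ACEs beneath it.
SAMPLE_ICACLS_OUTPUT = SAMPLE_PATH + r""" Everyone:(OI)(CI)(F)
                                              NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                              BUILTIN\Administrators:(I)(OI)(CI)(F)
                                              BUILTIN\Users:(I)(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

# Principals every local account belongs to; an ACE granting them write
# access makes the object effectively world-writable.
LOW_PRIV_PRINCIPALS = {
    "everyone",
    "builtin\\users",
    "nt authority\\authenticated users",
    "nt authority\\interactive",
}

# icacls simple rights (F, M, W), generic rights (GA, GW) and the specific
# rights that allow creating or replacing content.
WRITE_RIGHTS = {"F", "M", "W", "GA", "GW", "WD", "AD", "WA", "WEA", "DC"}

# An ACE ends in ":(flag)(flag)...(rights)"; the principal is what precedes it.
ACE_TAIL = re.compile(r":((?:\([^)]*\))+)$")


def parse_icacls(output: str, path: str) -> List[Tuple[str, List[str]]]:
    """Return (principal, rights tokens) for each ACE in one icacls listing."""
    aces = []
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith(path):            # first line carries the path
            line = line[len(path):].strip()
        m = ACE_TAIL.search(line)
        if not m:                            # blank line or summary line
            continue
        principal = line[: m.start()].strip()
        tokens = [t.strip()
                  for group in re.findall(r"\(([^)]*)\)", m.group(1))
                  for t in group.split(",")]  # e.g. "(RX,WD)" is two rights
        aces.append((principal, tokens))
    return aces


def world_writable_aces(output: str, path: str) -> List[Tuple[str, List[str]]]:
    """ACEs that give every local account write access (the Uplay condition)."""
    findings = []
    for principal, tokens in parse_icacls(output, path):
        if "DENY" in tokens:                 # a deny ACE removes rights
            continue
        if principal.lower() in LOW_PRIV_PRINCIPALS and WRITE_RIGHTS & set(tokens):
            findings.append((principal, tokens))
    return findings


if __name__ == "__main__":
    for principal, tokens in world_writable_aces(SAMPLE_ICACLS_OUTPUT, SAMPLE_PATH):
        print("world-writable:", principal, "".join(f"({t})" for t in tokens))
    # Remediation is to drop the grant, e.g.  icacls "<dir>" /remove:g Everyone
```

Run the same parser over the real `icacls` output of any directory that holds executables launched by other users; a hit on a low-privileged principal is the same class of bug regardless of the product.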

Kerio Control <= 8.3.1 Boolean-based blind SQL Injection

Kerio Control suffers from a boolean-based blind SQL injection vulnerability that can be used to extract sensitive user information such as passwords. To exploit it an attacker needs a valid client username and password.
Vulnerable path: /print.php
Vulnerable parameters: x_16 and x_17
HTTP method: GET
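A boolean-based blind injection leaks one bit per request, so extraction is a binary search over the target value driven by whether the page renders content. The advisory names the path and parameters but not the query behind them, so the following added example (not Kerio's code; the table, the handler and the query are constructed stand-ins in SQLite) models the oracle and recovers a planted password through it, then shows the same extraction failing against a parameterised version of the handler.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the application's database (not Kerio's schema)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE reports (id INTEGER, title TEXT)")
    con.executemany("INSERT INTO reports VALUES (?, ?)", [(1, "daily"), (2, "weekly")])
    con.execute("CREATE TABLE users (login TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('admin', 'S3cr3t!')")
    return con


class VulnerablePrintPage:
    """Mock of a print.php-style handler that splices x_16 into its query.
    The only signal it leaks is whether the page has content (True) or not."""

    def __init__(self, con: sqlite3.Connection) -> None:
        self.con = con
        self.requests = 0

    def get(self, x_16: str) -> bool:
        self.requests += 1
        sql = "SELECT title FROM reports WHERE id = " + x_16   # injection point
        return self.con.execute(sql).fetchone() is not None


class SafePrintPage(VulnerablePrintPage):
    """Hardened form: x_16 is bound as a parameter, never spliced into SQL."""

    def get(self, x_16: str) -> bool:
        self.requests += 1
        row = self.con.execute("SELECT title FROM reports WHERE id = ?", (x_16,)).fetchone()
        return row is not None


def _search_int(page: VulnerablePrintPage, expr: str, hi: int) -> int:
    """Binary-search the integer value of a scalar SQL expression in [0, hi]
    using only the page's true/false answers to `... AND (expr) > mid`."""
    lo = 0
    while lo < hi:
        mid = (lo + hi) // 2
        if page.get(f"1 AND ({expr}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_string(page: VulnerablePrintPage, subquery: str, max_len: int = 64) -> str:
    """Recover the result of a scalar subquery: first its length, then each
    character's code point via substr()/unicode()."""
    length = _search_int(page, f"SELECT length(({subquery}))", max_len)
    chars = []
    for pos in range(1, length + 1):
        code = _search_int(page, f"SELECT unicode(substr(({subquery}), {pos}, 1))", 127)
        chars.append(chr(code))
    return "".join(chars)


ADMIN_PASSWORD_QUERY = "SELECT password FROM users WHERE login = 'admin'"


def demo(page_cls=VulnerablePrintPage):
    """Return (recovered value, number of requests it took)."""
    page = page_cls(make_db())
    return extract_string(page, ADMIN_PASSWORD_QUERY), page.requests


if __name__ == "__main__":
    print("vulnerable handler:", demo())           # ('S3cr3t!', <~60 requests>)
    print("parameterised handler:", demo(SafePrintPage))   # ('', 7)
```

Against the hardened handler every payload is compared as a literal to the id column, so the oracle answers false throughout and the length search returns 0; the fix is binding the parameter, not filtering the value.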

Stored XSS in Zurmo CRM

Zurmo CRM is prone to a persistent (stored) cross-site scripting vulnerability that allows a malicious user to inject HTML or script that can access cookies, session tokens or other sensitive information retained by the browser for that site. Proof of concept: as a normal user, create a report, select the module 'Accounts', the filter 'Name' and the column 'Employees', enter the value '><script>alert('XSS by Provensec')</script> for the filter, save the report and share it with other users; the payload executes in the browser of every user who opens the shared report.

Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow DoS PoC

Baidu Spark Browser version 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) through a stack overflow triggered by nested calls to the window.print JavaScript function on an attacker-controlled page.

Flussonic Media Server 4.3.3 Multiple Vulnerabilities

It is possible to read any file on the server (with the permissions of the user the application runs as) by a simple HTTP GET request. Flussonic's web-interface credentials are stored in plaintext in /etc/flussonic/flussonic.conf, so reading that file allows an attacker to log in to the web interface of any affected Flussonic instance. It is also possible to list the contents of any directory by sending an HTTP GET request to 'flussonic/api/list_files' with the parameters 'dir' and 'recursive'.
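Both findings come from the same root cause: a client-supplied path is joined onto a serving directory without confining the result. The following added example (not Flussonic's code; the directory layout, file names and the 'dir'/'recursive' handler are constructed) puts a vulnerable directory-listing endpoint next to a hardened one that resolves the requested path and refuses anything outside the media root, and shows a '../etc' request reaching the config file in one case and being rejected in the other.

```python
import os
import tempfile
from pathlib import Path
from typing import List


def build_fixture() -> Path:
    """Constructed on-disk layout: a media root to serve from and a sibling
    'etc' directory that must stay out of reach (its flussonic.conf stands in
    for the real config file; the contents are made up)."""
    root = Path(tempfile.mkdtemp(prefix="listfiles-"))
    (root / "etc").mkdir()
    (root / "etc" / "flussonic.conf").write_text("# constructed, not a real config\n")
    (root / "media" / "sub").mkdir(parents=True)
    (root / "media" / "a.mp4").write_bytes(b"")
    (root / "media" / "sub" / "b.mp4").write_bytes(b"")
    return root / "media"


def _entries(target: Path, recursive: bool) -> List[str]:
    """Names of the files in target, relative to it (posix separators)."""
    if recursive:
        return sorted(p.relative_to(target).as_posix()
                      for p in target.rglob("*") if p.is_file())
    return sorted(p.name for p in target.iterdir() if p.is_file())


def list_files_vulnerable(base: Path, dir_param: str, recursive: bool) -> List[str]:
    """Joins the client-supplied 'dir' onto the base directory and lists it.
    '..' segments walk out of base, and an absolute 'dir' replaces base entirely."""
    target = Path(os.path.join(base, dir_param))
    return _entries(target, recursive)


def list_files_hardened(base: Path, dir_param: str, recursive: bool) -> List[str]:
    """Resolves the requested directory (following symlinks and '..') and
    refuses anything that does not sit inside the base directory."""
    base_real = Path(base).resolve()
    target = (base_real / dir_param).resolve()
    if target != base_real and base_real not in target.parents:
        raise PermissionError(f"'{dir_param}' escapes the media root")
    if not target.is_dir():
        return []
    return _entries(target, recursive)


if __name__ == "__main__":
    media = build_fixture()
    print("vulnerable, dir=../etc:", list_files_vulnerable(media, "../etc", False))
    print("hardened, dir=., recursive:", list_files_hardened(media, ".", True))
    try:
        list_files_hardened(media, "../etc", False)
    except PermissionError as e:
        print("hardened, dir=../etc:", e)
```

The check is done on the resolved path rather than by stripping '..' from the string, so encoded or symlinked variants that end up outside the root are rejected the same way; for a file-read endpoint the same resolve-then-compare step applies before the file is opened.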

RICOS Multiple Severe Vulnerabilities

The following RICOS components are accessible without authentication, and an attacker who reaches any of them can view, modify or delete data: the web application, the web services, the database, the configuration files, the log files, the backup files, the source code, the installation files and the system files.

Gitlist <= 0.4.0 anonymous RCE

Gitlist is a web front end for browsing Git repositories. Versions <= 0.4.0 allow an anonymous user to execute arbitrary code on the server because the 'blame' controller does not validate its input. An attacker can craft a URL that writes a PHP shell into the server's cache directory and then use that shell to execute arbitrary commands on the server.

check_dhcp – Nagios Plugins <= 2.0.2 Race Condition

The check_dhcp plugin (part of the official Nagios Plugins package) contains a race condition that allows a local attacker to read parts of INI configuration files owned by root, exposing sensitive information such as passwords that should be accessible only to the root user.

Vulnerability in chkrootkit Package

A vulnerability in the chkrootkit package may allow local attackers to gain root on a box in certain configurations (/tmp not mounted noexec). The bug is in the function slapper() of the chkrootkit shell script, where the line 'file_port=$file_port $i' lacks quotation marks around the assigned value. When $file_port is empty, the shell parses the line as the assignment prefix 'file_port=' followed by a command and executes the file named by $i (one of the paths in $SLAPPER_FILES) as the user running chkrootkit, usually root. An attacker with write access to /tmp (not mounted noexec) can therefore plant an executable at one of those paths and wait for the next scan.
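The quoting bug is easiest to believe when run. The following added example (not chkrootkit's source; the loop is a reconstruction of the pattern the advisory quotes, and the planted file name is illustrative) drives /bin/sh from Python: it plants an executable file, points $SLAPPER_FILES at it, runs the unquoted loop and then the quoted one, and reports whether the planted file was executed. It needs a scratch directory that is writable and not mounted noexec, which is exactly the advisory's precondition.

```python
import os
import stat
import subprocess
import tempfile

# Reconstruction of the pattern the advisory quotes from slapper() (not the
# chkrootkit source verbatim): file_port starts empty and the assignment is
# unquoted, so the line becomes `file_port= <path>` and the path is executed.
VULNERABLE_LOOP = """
file_port=
for i in $SLAPPER_FILES; do
    if [ -f "$i" ]; then
        file_port=$file_port $i
    fi
done
"""

# Same loop with the assignment quoted: a plain variable assignment, nothing runs.
FIXED_LOOP = VULNERABLE_LOOP.replace("file_port=$file_port $i", 'file_port="$file_port $i"')


def plant_and_scan(loop: str) -> bool:
    """Plant an executable file, run `loop` under sh with $SLAPPER_FILES
    pointing at it, and report whether the planted file ran (it leaves a
    marker file when it does)."""
    workdir = tempfile.mkdtemp(prefix="chkrootkit-demo-")
    planted = os.path.join(workdir, "planted")        # name is illustrative
    marker = os.path.join(workdir, "planted-file-ran")
    with open(planted, "w") as f:
        f.write(f"#!/bin/sh\n: > '{marker}'\n")       # what an attacker's file would do
    os.chmod(planted, stat.S_IRWXU)                   # must be executable (no noexec)
    env = {"PATH": "/usr/bin:/bin", "SLAPPER_FILES": planted}
    subprocess.run(["sh", "-c", loop], env=env, capture_output=True, check=False)
    return os.path.exists(marker)


if __name__ == "__main__":
    print("unquoted assignment executed planted file:", plant_and_scan(VULNERABLE_LOOP))
    print("quoted assignment executed planted file:  ", plant_and_scan(FIXED_LOOP))
```

In the real scan the loop runs as root, so the planted file runs as root; the quoted form is the whole fix, and mounting /tmp noexec only blocks the direct execution, not the underlying parsing mistake.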

Advisory: Endeca Latitude Cross-Site Request Forgery

Endeca Latitude lets administrators perform administrative and configuration operations by accessing URLs. These URLs are not protected by a randomly generated token and are therefore prone to cross-site request forgery. An attacker can prepare a website that triggers arbitrary functionality (see [1] and [2]) of an Endeca Latitude instance when a victim opens the attacker's website in a browser that can reach that instance.
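The missing control is a per-session random token that the server embeds in its own pages and that a cross-origin attacker page cannot read, so a forged request arrives without it. The following added example (not Endeca's code; the session store, endpoint and operation names are constructed) shows an admin action that acts on the session cookie alone next to one that also demands the token, and simulates a forged and a legitimate request against both.

```python
import hmac
import secrets
from typing import Dict

# Constructed server-side session store (nothing here is Endeca Latitude's
# code or URL layout).
SESSIONS: Dict[str, Dict[str, str]] = {}


def new_session() -> str:
    """Create a session and attach a fresh random anti-CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """The value the server embeds in its own forms; a cross-origin page cannot read it."""
    return SESSIONS[sid]["csrf_token"]


def admin_action(cookies: Dict[str, str], params: Dict[str, str]) -> str:
    """State-changing admin endpoint, unprotected: the cookie alone authorises it."""
    sid = cookies.get("session")
    if sid not in SESSIONS:
        return "401 unauthenticated"
    return f"200 applied {params['op']}"


def admin_action_protected(cookies: Dict[str, str], params: Dict[str, str]) -> str:
    """Protected version: the request must also carry the session's token,
    compared in constant time."""
    sid = cookies.get("session")
    if sid not in SESSIONS:
        return "401 unauthenticated"
    supplied = params.get("csrf_token", "")
    if not hmac.compare_digest(supplied, SESSIONS[sid]["csrf_token"]):
        return "403 missing or invalid CSRF token"
    return f"200 applied {params['op']}"


def simulate() -> Dict[str, str]:
    """A logged-in admin's browser sends the cookie automatically; the
    attacker's page controls the parameters but cannot read the token."""
    sid = new_session()
    cookies = {"session": sid}
    forged = {"op": "restart"}
    legit = {"op": "restart", "csrf_token": csrf_token_for(sid)}
    return {
        "unprotected_forged": admin_action(cookies, forged),
        "protected_forged": admin_action_protected(cookies, forged),
        "protected_legit": admin_action_protected(cookies, legit),
    }


if __name__ == "__main__":
    for name, result in simulate().items():
        print(f"{name}: {result}")
```

The token must be unpredictable and tied to the session; a constant or guessable value gives no protection, which is why the advisory singles out the lack of a randomly generated one.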
