
Explore Vulnerabilities


Explore all Exploits:

Files Desk Pro v1.4 iOS – File Include Web Vulnerability

A local file include web vulnerability has been discovered in the official Files Desk Pro v1.4 iOS mobile web-application. The vulnerability allows remote attackers to include local file/path requests or system-specific path commands without authorization in order to compromise the mobile web-application. The vulnerability is located in the `filename` value of the `upload` module. Remote attackers are able to inject their own files with malicious `filename` values in the `upload` POST method request.

NG WifiTransfer Pro 1.1 – File Include Vulnerability

A local file include web vulnerability has been discovered in the official Notable Group WifiTransfer Pro v1.1 iOS mobile web-application. The vulnerability allows local attackers to include local files to compromise the mobile web-application or connected device.

PHPBTTracker+ 2.2 SQL Injection

SQL injection through the User-Agent header. User-Agent injection is a critical issue for web applications. In this specific case it is worth investigating the User-Agent header to see whether any malformed value allows SQL injection.

darklena. fprintd/pam_fprintd local root PoC

pam_fprintd uses the net.reactivated.Fprint service to trigger finger swiping and registers DBUS signals inside the PAM authentication function. Since there is no message filter registered in either pam_fprintd or the dbus-glib it is using, such signals can be spoofed by anyone. To test this PoC, start a service (su is fine) as a user that is using pam_fprintd. On a second xterm, when you see the 'Swipe your ... finger' message, start this PoC and you will notice that a rootshell is spawned in the first xterm w/o giving your finger.

Yarubo #1: Arbitrary SQL Execution in Participants Database for WordPress

Due to insufficient privilege checks, it is possible for anonymous (unauthenticated) users to trigger some administrative actions if any of the shortcodes is used (e.g. signup page). The action 'export CSV' takes a parameter called 'query' that can contain an arbitrary SQL query. This means that an unauthenticated user can execute arbitrary SQL statements (e.g. create an admin user, read or write files, or execute code depending on the MySQL user privileges).

Ubuntu 12.04 3.x x86_64 perf_swevent_init Local root exploit

This exploit is based on semtex.c by sd and is used to gain root access on Ubuntu 12.04.0 - 3.2.0-23-generic, Ubuntu 12.04.1 - 3.2.0-29-generic and Ubuntu 12.04.2 - 3.5.0-23-generic. The exploit uses the perf_swevent_init syscall to overwrite the handler and execute the payload.

Microsoft Internet Explorer 11 – WeakMap Integer divide-by-zero DoS

A vulnerability in Microsoft Internet Explorer 11 allows an attacker to cause a denial of service (DoS) condition by exploiting a WeakMap Integer divide-by-zero. The vulnerability exists when the browser attempts to divide by zero when accessing a WeakMap object. This can be exploited by an attacker to cause a denial of service condition.

Advisory ID: HTB23214

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Sharetronix, which can be exploited to perform SQL injection and Cross-Site Request Forgery (CSRF) attacks against the vulnerable application. A remote hacker can gain full control over the application. Input passed via the 'invite_users[]' HTTP POST parameter to the '/[group_name]/invite' URI is not properly sanitised before being used in an SQL query. A remote attacker can send a specially crafted HTTP POST request and execute arbitrary SQL commands in the application's database. The application does not properly verify whether a malicious request was issued from a valid user. A remote attacker can send a specially crafted HTTP request and perform any action with the same privileges as a legitimate user.

Recent Exploits: