Multiple persistent input validation web vulnerabilities have been discovered in the Dell SonicWall EMail Security Appliance Application v7.4.5. They allow remote attackers to inject their own malicious script code into the application side of the vulnerable module. The vulnerabilities are located in the `/cgi-bin/admin/scripting.cgi` file, in the vulnerable `name` and `value` parameters. The attack vector is on the application side, and the request method used for injection is POST.
This exploit allows an attacker to execute arbitrary OS commands on IBM Tealeaf CX (v8 release 8) without authentication. The exploit is triggered by sending a specially crafted POST request to the delivery.php page. The POST request contains a parameter called 'testconn_host' which is used to execute the arbitrary OS command. The exploit also allows an attacker to access the /download.php?log=../../etc/passwd page, which can be used to gain access to the system's password file.
The Allied Telesis AT-RG634A ADSL Broadband router has a hidden URL (/cli.html) that executes CLI commands with admin privileges. It is available by default and requires no authentication. The impact is a total compromise of the device: an attacker can execute arbitrary commands as admin and even gain access to the device's configuration file.
VirusChaser 8.0 is vulnerable to a stack buffer overflow. An attacker can exploit this vulnerability by sending a specially crafted payload to the scanner.exe application. The payload contains shellcode that is executed when the application attempts to process the malicious input. The shellcode is responsible for executing the WinExec() function, which can be used to execute arbitrary code.
OpenCart suffers from multiple SQL injection vulnerabilities in ebay.php. The issue is more about privilege escalation, as attackers may need openbay module access. The file opencart/system/library/ebay.php is poorly coded and full of SQL injection flaws: product_id is used in a SQL query without being sanitized. The function is called from many locations, and the parameter is passed without sanitizing. In opencart/admin/controller/openbay/openbay.php, public function editLoad() is vulnerable, where $this->request->get['product_id'] comes from the GET field. Similarly, public function isEbayOrder($id) and public function getProductStockLevel($productId, $sku = '') are also vulnerable.
This exploit allows an attacker to cause a denial of service (DoS) on a CouchDB server by sending a GET request to the _uuids endpoint with a large count parameter. This causes the server to allocate a large amount of memory, eventually leading to a crash.
This module exploits a missing authorization vulnerability in the 'update_roles' action of 'users' controller of Katello and Red Hat Satellite (Katello 1.5.0-14 and earlier) by changing the specified account to an administrator account.
Haihaisoft Universal Player 1.5.8 is vulnerable to a buffer overflow when a maliciously crafted httx:// URL is opened. This can be exploited to execute arbitrary code by overwriting the SEH handler.
Haihaisoft HUPlayer is vulnerable to a buffer overflow when a specially crafted malicious URL is opened. This can be exploited to execute arbitrary code by corrupting the SEH chain.
qEngine CMS stores database backups created with the Backup DB tool under a predictable file name inside the '/admin/backup' directory, as 'Full Backup YYYYMMDD.sql' or 'Full Backup YYYYMMDD.gz'. This can be exploited to disclose sensitive information by downloading the file. The '/admin/backup' directory also allows directory listing by default.