This module exploits a stack-based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKHOdeq.exe when handling specially crafted packets. This module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 on Windows XP SP3 and Windows 2003 SP2.
Multiple memory corruption vulnerabilities have been found in the code that implements 3D Acceleration for OpenGL graphics in Oracle VirtualBox. These vulnerabilities could allow an attacker who is already running code within a Guest OS to escape from the virtual machine and execute arbitrary code on the Host OS.
GNUPanel has a pure coded ticket support system. The comment field 'consultar' is not escaped, so any tags, including script tags, can be stored in it. An unauthenticated user can cause a logged-in user to create a support ticket including malicious code.
The application is vulnerable to an elevation of privileges vulnerability which can be used by a simple user who can replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (full) for the 'Users' group, on the 'eMservice.exe' binary file. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.
If someone is logged in to the web interface of the ZyXEL Router P-660HN-T1A, an attacker can bypass the login form by going straight to the default page of administration. The root page will ask for a password, but the vulnerability works from any IP address, allowing the router to be accessed from any IP when a legitimate user is logged in.
This module abuses the Backup Client Service (OmniInet.exe) to achieve remote code execution. The vulnerability exists in the EXEC_BAR operation, which allows execution of arbitrary processes. This module has been tested successfully on HP Data Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2.
This module exploits a remote arbitrary file write vulnerability in SolidWorks Workgroup PDM 2014 SP2 and prior. For targets running Windows Vista or newer, the payload is written to the startup folder for all users and executed upon next user logon. For targets before Windows Vista, code execution can be achieved by first uploading the payload as an exe file, and then uploading another mof file, which schedules WMI to execute the uploaded payload. This module has been tested successfully on SolidWorks Workgroup PDM 2011 SP0 on Windows XP SP3 (EN) and Windows 7 SP1 (EN).
A remote code execution vulnerability has been found and confirmed within ownCloud as an authenticated user. A successful attack could allow an authenticated attacker to execute PHP code, which could lead to a full compromise of the server and associated infrastructure. Please note that only the Windows versions of ownCloud are affected and that valid credentials are required. It is possible to create a custom .htaccess in the user's folder on the Windows version of the application, which will enable PHP execution in the folder. This vulnerability exists because it is possible to bypass the internal blacklists using Windows ADS (Alternate Data Streams).
The Huawei E5331 MiFi mobile hotspot is vulnerable to unauthenticated access and manipulation of settings. The device is accessible via the web interface without authentication. The following settings can be manipulated: WLAN settings, WAN settings, Firewall settings, System settings.
There is a simple local exploit in iCAM workstation control which allows a user to bypass the login screen and access the Local Disk Drive to launch applications such as a Web Browser. To exploit this vulnerability, the attacker must press the Alt & Tab hotkey from the login screen, then press the shortcut for the Windows Help feature - Windows key & F1. Once in Windows Help, the attacker must type a random string into the search box and press Enter, which will open Windows Explorer. From there, the attacker can launch various applications by navigating the Windows file system.